Brand impersonation: Exodus | Sublime Security

Sublime Core Feed
Brand impersonation: Exodus
Sublime Core Feed
Login to Sublime
Low Severity
Brand impersonation: ExodusLabelsCredential Phishing
Impersonation: Brand
Social engineering
Header analysis
Natural Language Understanding
Sender analysis
DescriptionAttack impersonating Exodus Wallet.
Referenceshttps://exodus.com
Sublime Security
Created Aug 17th, 2023 • Last updated Jan 12th, 2026
Feed Source
Sublime Core Feed
Source
GitHub
type.inbound
and (
  strings.ilike(sender.display_name, "*exodus*")
  or (
    strings.ilike(sender.email.domain.root_domain, "*exodus*")
    and network.whois(sender.email.domain).days_old <= 30
  )
)
and sender.email.domain.root_domain not in (
  "exodus.com",
  "exodus.io",
  "exodusescaperoom.com"
)
and sender.email.email not in $recipient_emails
and (
  any(ml.nlu_classifier(body.current_thread.text).intents, .name != "benign")
  or any(ml.nlu_classifier(body.current_thread.text).entities,
         .text == "wallet"
  )
)
MQL Rule Console
•Docs•Learning Labs
PlaygroundTest against your own EMLs or sample data.
SharePost about this on your socials.
Get Started. Today.Managed or self-managed. No MX changes.
Get Started
Deploy and integrate a free Sublime instance in minutes.
Get Started