High Severity

Observed IOC: Malicious sender root domains

Labels

BEC/Fraud
Credential Phishing
Malware/Ransomware
Impersonation: Domain
Social engineering
Sender analysis
Header analysis

Description

Detects inbound messages sent from known malicious sender root domains. IOC list is automatically managed and hashed by the IOC pipeline from the private threat intelligence feed.

References

No references.

Sublime Security
Created Apr 24th, 2026 • Last updated Apr 24th, 2026
Feed Source
Sublime Core Feed
Source
GitHub
// AUTO-GENERATED IOC LIST - DO NOT EDIT MANUALLY
// Managed by automated IOC system
type.inbound
and hash.sha256(sender.email.domain.root_domain) in (
  'bca881482859b1d19364b40f36d9287fc56a073266ea2a6800f3f48cd927535f', // Subscription renewal callback
  'fed6d9c30d5d05ac9112171af40e3f217d546d89af8ff60fd0a7f05ba423aa06' // Subscription renewal callback
)
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.

Get Started
Deploy and integrate a free Sublime instance in minutes.
Get Started