Sublime Core Feed
Medium Severity

Spam: BlackBaud infrastructure abuse

Labels

Spam
Evasion
Impersonation: Brand
Image as content
Social engineering
Content analysis
Header analysis

Description

A malvertising campaign has been observed abusing a compromised BlackBaud account. These campaigns have leveraged brands such as Disney+, Netflix, Paramount+, Peacock and UPS, and have impersonated the likeness of Elon Musk.

References

No references.

Sublime Security
Created Jan 17th, 2024 • Last updated Jan 17th, 2024
Feed Source
Sublime Core Feed
Source
GitHub
type.inbound
and regex.imatch(sender.email.email, 'communications[a-z]{4,}@.+')
and any(headers.hops, any(.fields, strings.ilike(.name, "x-campaignid")))
and any(headers.domains, strings.contains(.domain, "blackbaud.com"))
and regex.imatch(subject.subject, 'RE\s?:.*')
and (
  length(headers.references) == 0
  or not any(headers.hops, any(.fields, strings.ilike(.name, "In-Reply-To")))
)
and any(body.links, .display_text is null)
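The rule's conditions re-implemented in Python over a constructed EML, so a defender can see which signals fire and why a fake "RE:" subject with no threading headers and an image-only link is the tell. This is an added example, not Sublime's MQL engine or rule code; the sample message, `evaluate` and `_LinkParser` are assumptions of mine, and `headers.domains` is approximated by scanning the Received header.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample (not a real capture) that carries every signal the rule checks.
SAMPLE_EML = """\
From: "Streaming Offers" <communicationsteam@sender.example>
Subject: RE: Your Disney+ membership
Received: from mail.blackbaud.com (mail.blackbaud.com [192.0.2.10])
X-CampaignId: 123456
Content-Type: text/html

<html><body><a href="https://offer.example/go"><img src="cid:banner"></a>
<a href="https://offer.example/unsub">Unsubscribe</a></body></html>
"""

class _LinkParser(HTMLParser):
    """Collect (href, display_text); None text = image-only anchor (MQL's `.display_text is null`)."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href"), ""]
    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            href, text = self._cur
            self.links.append((href, text.strip() or None))
            self._cur = None

def evaluate(raw_eml):
    # Returns (verdict, per-signal dict) for one RFC 822 message string.
    msg = message_from_string(raw_eml)
    links = _LinkParser(); links.feed(msg.get_payload())
    sender = parseaddr(msg.get("From", ""))[1]
    # Approximation of headers.domains: look for the domain in the Received hops.
    received = " ".join(msg.get_all("Received", [])).lower()
    signals = {
        "sender_pattern": re.fullmatch(r"communications[a-z]{4,}@.+", sender, re.I) is not None,
        "campaign_header": msg.get("X-CampaignId") is not None,
        "blackbaud_hop": "blackbaud.com" in received,
        "fake_reply_subject": re.fullmatch(r"RE\s?:.*", msg.get("Subject", ""), re.I) is not None,
        "missing_thread_header": not msg.get("References") or not msg.get("In-Reply-To"),
        "image_only_link": any(text is None for _, text in links.links),
    }
    return all(signals.values()), signals
```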