Skip to content

Update observed IOC rules - 2026-04-24#4350

Merged
IndiaAce merged 59 commits intomainfrom
automated-ioc-updates
Apr 24, 2026
Merged

Update observed IOC rules - 2026-04-24#4350
IndiaAce merged 59 commits intomainfrom
automated-ioc-updates

Conversation

@github-actions
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot commented Apr 15, 2026
edited
Loading

Summary

Automated IOC update (Last updated: 2026-04-24)

Cumulative Changes Since Last Merge

  • Total Active IOCs: 18
  • Added: 4 IOCs
  • Expired: 1 IOCs

New IOCs

  • ae17c9b46750752e... (sender_domains) — Observed malicious sender domain
  • e9c66e037a06bd8e... (sender_domains) — Observed malicious sender domain
  • bc470dca9be34cef... (body_links_root_domains) — Encrypted Message fake Dropbox Lure
  • 2b3a899b37c99e1b... (body_links_root_domains) — Invoice themed cred theft

Testing

  • MQL syntax validated
  • SHA-256 hashes verified
  • Expiration dates calculated correctly

Update History

  • 2026-04-24: Added 4 IOC(s) — 18 active IOC(s)
  • 2026-04-24: Added 4 IOC(s) — 18 active IOC(s)
  • 2026-04-24: Added 3 IOC(s) — 17 active IOC(s)
  • 2026-04-24: Added 0 IOC(s) — 14 active IOC(s)
  • 2026-04-22: Added 0 IOC(s) — 15 active IOC(s)
  • 2026-04-21: Added 2 IOC(s) — 15 active IOC(s)
  • 2026-04-17: Added 2 IOC(s) — 12 active IOC(s)

Generated by automated IOC management system
Source: Private threat intel repository

@github-actions github-actions Bot requested a review from a team April 15, 2026 17:43
@github-actions github-actions Bot requested a review from a team as a code owner April 15, 2026 17:43
@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented Apr 15, 2026

Test Rules Sync - Action Required

This PR was not automatically synced to test-rules because the author is not a member of the sublime-security organization.

To enable syncing, an organization member can comment /update-test-rules on this PR.

Once triggered, the rules will be synced on the next scheduled run (every 10 minutes).

@IndiaAce IndiaAce marked this pull request as draft April 15, 2026 18:13
@IndiaAce IndiaAce marked this pull request as draft April 15, 2026 18:13
@github-actions github-actions Bot changed the title chore: Update observed IOC rules - 2026-04-15 Update observed IOC rules - 2026-04-15 Apr 15, 2026
@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented Apr 15, 2026

Automated update — 2026-04-15
Rules regenerated from latest IOC CSVs. Force-pushed to automated-ioc-updates.

@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented Apr 15, 2026

Automated update — 2026-04-15
Rules regenerated from latest IOC CSVs. Force-pushed to automated-ioc-updates.

IndiaAce and others added 2 commits April 15, 2026 15:40
@IndiaAce @claude
chore: Remove redirect target IOC rules
a6ac407 
These rule types have been removed from the IOC management config.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Auto-format MQL and add rule IDs
52bc71e
@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented Apr 24, 2026

Automated update — 2026-04-24
Rules regenerated from latest IOC CSVs. Force-pushed to automated-ioc-updates.

@IndiaAce IndiaAce enabled auto-merge April 24, 2026 16:39
@IndiaAce IndiaAce added this pull request to the merge queue Apr 24, 2026
github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
[Test Rules] [PR #4350] modified rule: Observed IOC: Malicious root d…
2537265 
…omains in body links
@IndiaAce IndiaAce removed this pull request from the merge queue due to a manual request Apr 24, 2026
@github-actions
Copy link
Copy Markdown
Contributor Author

github-actions Bot commented Apr 24, 2026

Automated update — 2026-04-24
Rules regenerated from latest IOC CSVs. Force-pushed to automated-ioc-updates.

@IndiaAce
Copy link
Copy Markdown
Member

IndiaAce commented Apr 24, 2026

https://platform.sublime.security/messages/hunt?huntId=019dc087-c54d-7629-ae24-96cbab44187a

@IndiaAce IndiaAce added this pull request to the merge queue Apr 24, 2026
Merged via the queue into main with commit 3054b6e Apr 24, 2026
5 checks passed
@IndiaAce IndiaAce deleted the automated-ioc-updates branch April 24, 2026 17:34
github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
[Test Rules] [PR #4350] Delete detection rule
7602d6f
github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
[Test Rules] [PR #4350] Delete detection rule
8427696
github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
[Test Rules] [PR #4350] Delete detection rule
18d7c78
github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
[Test Rules] [PR #4350] Delete detection rule
f12822c
github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
[Test Rules] [PR #4350] Delete detection rule
3a1470e
github-actions Bot added a commit that referenced this pull request Apr 24, 2026
@github-actions
[Test Rules] [PR #4350] Delete detection rule
e4a1e22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@IndiaAce IndiaAce IndiaAce approved these changes

Assignees

No one assigned

Labels

in-test-rules PR is in our testing suite to collect telemetry review-needed Indicates that a PR is waiting for review shared-samples:excluded:author_membership

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@IndiaAce @zoomequipd