Skip to content

Add detection rule for Claude impersonation #4683

Open
cybher0808 wants to merge 5 commits into
mainfrom
cybher0808.fn.esc-15623.fakeclaude
Open

Add detection rule for Claude impersonation #4683
cybher0808 wants to merge 5 commits into
mainfrom
cybher0808.fn.esc-15623.fakeclaude

Conversation

@cybher0808

@cybher0808 cybher0808 commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Member

Description

This rule detects impersonation of Anthropic or Claude using newly registered domains. It flags messages based on sender display names and checks for domain age and specific content in the message.

Associated samples

Associated hunts

@cybher0808
Add detection rule for Claude impersonation with domains
e04b4b4 
This rule detects impersonation of Anthropic or Claude using newly registered domains. It flags messages based on sender display names and checks for domain age and specific content in the message.
@cybher0808 cybher0808 requested a review from a team June 16, 2026 18:15
@cybher0808 cybher0808 requested a review from a team as a code owner June 16, 2026 18:15
@cybher0808 cybher0808 self-assigned this Jun 16, 2026
@cybher0808 cybher0808 added the in-test-rules PR is in our testing suite to collect telemetry label Jun 16, 2026
github-actions Bot added a commit that referenced this pull request Jun 16, 2026
@github-actions
[Test Rules] [PR #4683] added rule: Brand impersonation: Claude with …
622e6e8 
…newly registered domains
github-actions Bot added a commit that referenced this pull request Jun 16, 2026
@github-actions
[Shared Samples] [PR #4683] added rule: PR# 4683 - Brand impersonatio…
5a93f6d 
…n: Claude with newly registered domains
@cybher0808
Remove commented-out body link conditions
94847e2 
Removed commented-out conditions for body links in impersonation detection rule.
github-actions Bot added a commit that referenced this pull request Jun 16, 2026
@github-actions
[Test Rules] [PR #4683] modified rule: Brand impersonation: Claude wi…
22bd87d 
…th newly registered domains
github-actions Bot added a commit that referenced this pull request Jun 16, 2026
@github-actions
[Shared Samples] [PR #4683] modified rule: PR# 4683 - Brand impersona…
b8c72a4 
…tion: Claude with newly registered domains
github-actions Bot added a commit that referenced this pull request Jun 18, 2026
@github-actions
[Shared Samples] [PR #4683] modified rule: PR# 4683 - Brand impersona…
9e9485b 
…tion: Claude with newly registered domains
github-actions Bot added a commit that referenced this pull request Jun 18, 2026
@github-actions
[Test Rules] [PR #4683] modified rule: Brand impersonation: Claude wi…
0a4b02e 
…th newly registered domains
github-actions Bot added a commit that referenced this pull request Jun 18, 2026
@github-actions
[Test Rules] [PR #4683] modified rule: Brand impersonation: Claude wi…
4b8fcb6 
…th newly registered domains
github-actions Bot added a commit that referenced this pull request Jun 19, 2026
@github-actions
[Shared Samples] [PR #4683] modified rule: PR# 4683 - Brand impersona…
5d69b38 
…tion: Claude with newly registered domains
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@cybher0808 cybher0808

Labels

in-test-rules PR is in our testing suite to collect telemetry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cybher0808