New rule: Startup investment solicitation with suspicious indicators #4013
Open
missingn0pe wants to merge 11 commits into main from
…icious indicators This rule detects investment fraud messages related to startups by identifying specific keywords and suspicious indicators in the sender's email and message content.
github-actions Bot added a commit that referenced this pull request on Feb 12, 2026
…ion with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Feb 12, 2026
…t solicitation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Feb 17, 2026
…d: Startup investment solicitation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Feb 17, 2026
…stment solicitation with suspicious indicators
Added subject.is negation
github-actions Bot added a commit that referenced this pull request on Feb 18, 2026
…d: Startup investment solicitation with suspicious indicators
Limits FP's on investor outreach for POC help.
github-actions Bot added a commit that referenced this pull request on Feb 18, 2026
…stment solicitation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Feb 18, 2026
…stment solicitation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Feb 18, 2026
…d: Startup investment solicitation with suspicious indicators
Removed 'VC' from money keywords and added new, more targeted, keywords instead. Added 2 negations typically only seen with legitimate investor relations & investor pitches.
github-actions Bot added a commit that referenced this pull request on Feb 19, 2026
…stment solicitation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Feb 19, 2026
…d: Startup investment solicitation with suspicious indicators
Negating topics & keywords for irrelevant FP's
github-actions Bot added a commit that referenced this pull request on Mar 2, 2026
…stment solicitation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Mar 2, 2026
…d: Startup investment solicitation with suspicious indicators
Added language variables
github-actions Bot added a commit that referenced this pull request on Mar 2, 2026
…d: Startup investment solicitation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Mar 2, 2026
…stment solicitation with suspicious indicators
Accounting for verbiage variable on FP's.
github-actions Bot added a commit that referenced this pull request on Mar 3, 2026
…d: Startup investment solicitation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Mar 3, 2026
…stment solicitation with suspicious indicators
Member
Author
Low FP rate on benign messages. Possibly needs to be as ASR rule. Largest FP vector is sales pitches targeting start-ups and loose unsubscribe phrasing.
Reducing severity of rule name for broader scope
github-actions Bot added a commit that referenced this pull request on Mar 6, 2026
…itation with suspicious indicators
github-actions Bot added a commit that referenced this pull request on Mar 6, 2026
…nvestment solicitation with suspicious indicators
Member
Hey @missingn0pe! Let's review this live together!
github-actions Bot added a commit to IndiaAce/sublime-rules that referenced this pull request on Apr 8, 2026
…estment solicitation with suspicious indicators
Description
This rule detects investment fraud messages related to startups by identifying specific keywords and suspicious indicators in the sender's email and message content.
Associated samples
- Sample 1
- Sample 2
- Sample 3
Associated hunts
- Hunt 1