Detecting malicious AnonymousFox email messages sent from compromised sites
Blog post from Sublime Security
AnonymousFox is a threat actor group, active since 2019, that targets vulnerabilities in CMS platforms such as WordPress, Drupal, Joomla, and OpenCart with tools such as FoxAuto and Fox-CGI. These tools grant full control over a compromised website, which is then used for malicious activities including password resets, script uploads, and phishing attacks. Despite available prevention resources, these attacks persist, with recent spikes in activity that leave compromised sites sending phishing emails which bypass spam filters. Sublime's AI-powered detection engine effectively identifies and mitigates these threats by analyzing email headers for specific artifacts such as "anonymousfox" or "smtpfox", keeping such malicious messages out of mailboxes. The software combines open-source detection rules with advanced AI techniques to counter evolving threats, giving users tools to protect their email systems from these persistent attacks.
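As an added illustration of the header check the post describes (example code written for this page, not Sublime's own detection rules or engine), the following Python scans the headers of a raw RFC 5322 message for the two artifact strings named above. The two sample messages are constructed; which header fields carry the artifact in real AnonymousFox mail is an assumption here, so the scan looks at every header rather than a fixed list.

```python
"""Flag messages whose headers carry AnonymousFox artifacts.

Added example for this page; not Sublime Security's code. The sample
messages below are constructed, not captured mail.
"""
import email
from email import policy

# Artifact strings named in the post, matched case-insensitively.
ARTIFACTS = ("anonymousfox", "smtpfox")

# Subject is user-visible content: a legitimate message that merely talks
# about the campaign would otherwise trip the check, so it is skipped.
SKIPPED_HEADERS = {"subject"}


def find_artifacts(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (header_name, artifact) pairs found in the message headers."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for name, value in msg.items():
        if name.lower() in SKIPPED_HEADERS:
            continue
        lowered = str(value).lower()
        for token in ARTIFACTS:
            if token in lowered:
                hits.append((name, token))
    return hits


def is_suspicious(raw_message: bytes) -> bool:
    """True when at least one artifact appears in a scanned header."""
    return bool(find_artifacts(raw_message))


# Constructed sample: a PHP-originated message whose script name and
# Message-ID carry the artifacts. The header names and values are assumed
# for illustration; X-PHP-Originating-Script is the header PHP's mail()
# adds when mail.add_x_header is enabled.
SAMPLE_SUSPICIOUS = (
    b"Received: from webserver.example (webserver.example [192.0.2.10])\r\n"
    b"\tby mx.example.net with ESMTP id abc123\r\n"
    b"X-PHP-Originating-Script: 1000:smtpfox-mailer.php\r\n"
    b"From: \"Billing\" <billing@example.com>\r\n"
    b"To: user@example.net\r\n"
    b"Subject: Your invoice is overdue\r\n"
    b"Message-ID: <20240101.anonymousfox@webserver.example>\r\n"
    b"\r\n"
    b"Please open the attached invoice.\r\n"
)

# Constructed sample: ordinary mail that mentions the campaign only in the
# Subject, which must not be flagged.
SAMPLE_CLEAN = (
    b"Received: from mail.example.org (mail.example.org [198.51.100.5])\r\n"
    b"\tby mx.example.net with ESMTP id def456\r\n"
    b"From: \"Analyst\" <analyst@example.org>\r\n"
    b"To: user@example.net\r\n"
    b"Subject: Notes on the AnonymousFox write-up\r\n"
    b"Message-ID: <20240101.notes@mail.example.org>\r\n"
    b"\r\n"
    b"Sharing the blog post internally.\r\n"
)


if __name__ == "__main__":
    for label, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(label, is_suspicious(sample), find_artifacts(sample))
```

The check deliberately scans the header section only, not the body, because the post describes the artifacts as header residue left by the sending tooling; a production rule would pair this with the rest of a message's context rather than act on the substring alone.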