Bryan Campbell

A more recent [hunt](https://platform.sublime.security/messages/hunt?huntId=01977d35-5972--99b7-d38da1ad2ab1)

Hunting has identified some domains that are identified as part of the Levenshtein logic, i will add a negation in for the legitimate ones.

https://platform.sublime.security/messages/hunt?huntId=0198144c-8f1e-7d4a-b520-97cb9f307658 This hunt includes some negation for a legitimate platform.

/update-test-rules

/update-test-rules

Logo is in, adding in another negation.

Hunting with some additional edits. 1. https://platform.sublime.security/hunts/019874f1-d82e-7576-9ba0-f501f6edb273 2. https://platform.sublime.security/messages/hunt?huntId=019875cd-806c-7b19-b152-feb88a956dd6 The second hunt includes the requested detection i've been waiting on using logo.

Added in a couple more negations, this may well benefit from adding a list from newsletters.

All samples i checked today are malicious, i think this can be merged at this point after another peer review. 1. https://platform.sublime.security/messages/4f5ca64b12d015f90644c17b420d966519a53d70fe56342fae712658aa41e1a4?preview_id=0198b4be-192d-78a8-ac6a-539020c56c65 2. https://platform.sublime.security/messages/4f6078202356672a90ead611d6476a5537455de1cdad34587afa0937be1767d2?preview_id=0198c4e6-f372-73bb-8683-a20935be87c5

Added in some changes following feedback.