sublime-rules icon indicating copy to clipboard operation
sublime-rules copied to clipboard

Published 20 hours ago verified publisher icon sublime-security

Updating Fake Password Expiration from New and Unsolicited sender and Fake thread with suspicious indicators

Open aidenmitchell opened this issue 1 year ago • 1 comments
trafficstars

Description

Credential Phishing: Fake Password Expiration from New and Unsolicited sender:

  • added additional phrase for suspicious language
  • added additional body logic
  • replaced all subject.subject and body.current_thread.text with strings.replace_confusables()
  • added check for excessive whitespace in the event the body is longer than previously observed

Fake thread with suspicious indicators:

  • added additional regex for excessive whitespace detection

Associated samples

  • https://platform.sublimesecurity.com/messages/9073b88dc09472b286a3d4f71349bfd625b8be9b03e170f0d6392aa06a8af030

Hunts

  • https://platform.sublimesecurity.com/hunts/ae1a654c-4881-4133-8c6f-8c79d7279c90

aidenmitchell avatar Jul 18 '24 22:07 aidenmitchell

/mql-mimic-exempt: 254213, 191778, 252066, 343227, 367853, 361869, 367968, 479127, 518792

Not applicable

morriscode avatar Jul 23 '24 15:07 morriscode