sublime-rules icon indicating copy to clipboard operation
sublime-rules copied to clipboard

Published 20 hours ago verified publisher icon sublime-security

Update impersonation_dropbox.yml

Open aidenmitchell opened this issue 1 year ago • 2 comments
trafficstars

Description

Adding link check to flag on display URL == dropbox.com but with a mismatch.

Associated samples

  • https://platform.sublimesecurity.com/messages/3dca3712fbb6994e5a0401f9330ed444e640c9a32bfd3feadc0d0bbb2fea984d

aidenmitchell avatar Jul 30 '24 17:07 aidenmitchell

/update-test-rules

morriscode avatar Aug 02 '24 13:08 morriscode

Added to test rules, I'm guessing this is fine but just wanted to double check since a mismatch could be for a few reasons?

morriscode avatar Aug 02 '24 13:08 morriscode

looks OK in test rules 3 new matches compared to existing version (4 matches total) but, I think there's a chance of FPs on URL rewriters for which there are not decoders. I did run a hunt, which turned up nothing, so maybe not as big of a concern as I think.

https://platform.sublime.security/hunts/8e094495-eec7-4e0c-9902-eef441df9f5b

zoomequipd avatar Aug 07 '24 21:08 zoomequipd

Just in case, I added a Mimecast negation.

aidenmitchell avatar Aug 07 '24 21:08 aidenmitchell