sublime-rules icon indicating copy to clipboard operation
sublime-rules copied to clipboard

Published 20 hours ago verified publisher icon sublime-security

Create vendor_compromise_microsoft.yml

Open aidenmitchell opened this issue 8 months ago • 6 comments
trafficstars

Description

Message contains suspicious links and Microsoft impersonation from a sender common to your environment. Indicative of vendor compromise.

Associated samples

  • https://platform.sublime.security/messages/88497823a501feb43fb1de2a71417f7551b63a9436a28167d078e648a5737cc1?preview_id=019565e2-8c2a-713d-9351-eb68745fad30

aidenmitchell avatar Mar 12 '25 18:03 aidenmitchell

/update-test-rules

aidenmitchell avatar Mar 12 '25 18:03 aidenmitchell

/update-test-rules

aidenmitchell avatar Mar 27 '25 16:03 aidenmitchell

/update-test-rules

aidenmitchell avatar Apr 01 '25 15:04 aidenmitchell

/update-test-rules

aidenmitchell avatar Apr 01 '25 15:04 aidenmitchell

/update-test-rules

zoomequipd avatar Apr 07 '25 13:04 zoomequipd

will let the latest rev work for a couple days

zoomequipd avatar Apr 07 '25 14:04 zoomequipd

A more recent hunt

brycampbell avatar Jun 17 '25 09:06 brycampbell

Closing this rule is no closer to deployment

morriscode avatar Aug 04 '25 21:08 morriscode