sublime-rules icon indicating copy to clipboard operation
sublime-rules copied to clipboard

Published 20 hours ago verified publisher icon sublime-security

Create generic_service_abuse_reply_to.yml

Open aidenmitchell opened this issue 7 months ago • 1 comments

Description

Detects messages from services that write the true sender to the reply-to field, where the sender has no prior legitimate message history and is newly registered. Indicative of service abuse.

Associated samples

  • https://platform.sublime.security/messages/hunt?huntId=01961678-7e78-70a6-8e94-f3cce55d4975

aidenmitchell avatar Apr 08 '25 17:04 aidenmitchell