sublime-rules icon indicating copy to clipboard operation
sublime-rules copied to clipboard

Published 20 hours ago verified publisher icon sublime-security

Update link_fake_storage_alert.yml

Open peterdj45 opened this issue 2 months ago • 1 comments

Description

broadening scope of cred theft NLU check to include medium confidence samples

adding additional subject keyword

Associated samples

  • https://platform.sublime.security/messages/4f78da1602ab6ced1e4e6b924bbdb41311da070b03d19232557bbf372419bd1e
  • https://platform.sublime.security/messages/4f7b8075f39eb377115495a5d43edc39e9ca479edf728c78a00e36e22b73e0f4

Associated hunts

hunt for medium confidence cred_theft samples

  • https://platform.sublime.security/hunts/019977ae-4f5f-78ad-a591-05cc17866e1f

  • https://platform.sublime.security/messages/hunt?huntId=0199789f-8172-7898-83f0-d05d567dbd65

peterdj45 avatar Sep 23 '25 22:09 peterdj45

Some likely benign noted in test rules, maybe take a look and confirm: https://app.mode.com/sublimesecurity/reports/d3ba05360b64/runs/569d3ea8d41f

aidenmitchell avatar Sep 24 '25 21:09 aidenmitchell