Skip to content

Update impersonation_microsoft_credential_theft.yml ESC-5582 #3733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
IndiaAce wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update impersonation_microsoft_credential_theft.yml ESC-5582 #3733

IndiaAce wants to merge 2 commits into from

Conversation

@IndiaAce
Copy link
Member

@IndiaAce IndiaAce commented Jan 5, 2026

Description

From a runner, adding auth checks to the benign message checks.

Associated samples

Associated hunts

  • Rules rely on $org_domains list so hunts can be found in the ticket. This should be a low-volume change, but I want to see what test-rules looks like

Screenshot (insights)

@IndiaAce IndiaAce requested a review from a team as a code owner January 5, 2026 19:59
@github-actions github-actions bot added the in-test-rules PR is in our testing suite to collect telemetry label Jan 5, 2026
github-actions bot added a commit that referenced this pull request Jan 5, 2026
@github-actions
[PR #3733] added rule: Brand impersonation: Microsoft with embedded l…
9d33d6c 
…ogo and credential theft language
@IndiaAce
Copy link
Member Author

IndiaAce commented Jan 6, 2026

Early results looking okay for this actually... gonna let it sit for the rest of today and check back

github-actions bot added a commit to aidenmitchell/sublime-rules that referenced this pull request Jan 16, 2026
@github-actions
[PR sublime-security#3733] added rule: PR# 3733 - Brand impersonation…
e9553ae 
…: Microsoft with embedded logo and credential theft language
github-actions bot added a commit to aidenmitchell/sublime-rules that referenced this pull request Jan 16, 2026
@github-actions
[PR sublime-security#3733] added rule: Brand impersonation: Microsoft…
cfc0e6f 
… with embedded logo and credential theft language
github-actions bot added a commit to aidenmitchell/sublime-rules that referenced this pull request Jan 16, 2026
@github-actions
[PR sublime-security#3733] Delete detection rule
e332ceb
github-actions bot added a commit to aidenmitchell/sublime-rules that referenced this pull request Jan 16, 2026
@github-actions
[PR sublime-security#3733] Delete detection rule
5ed2946
github-actions bot added a commit to aidenmitchell/sublime-rules that referenced this pull request Jan 16, 2026
@github-actions
[PR sublime-security#3733] added rule: PR# 3733 - Brand impersonation…
3bf6f93 
…: Microsoft with embedded logo and credential theft language
github-actions bot added a commit to aidenmitchell/sublime-rules that referenced this pull request Jan 16, 2026
@github-actions
[PR sublime-security#3733] added rule: Brand impersonation: Microsoft…
d59f95c 
… with embedded logo and credential theft language
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

in-test-rules PR is in our testing suite to collect telemetry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@IndiaAce @aidenmitchell