Skip to content

Update body_advance_fee_new_sender.yml#4600

Open
JFarina5 wants to merge 1 commit into
mainfrom
JFarina5.FN.ESC-14790.body.advance.fee.new.sender
Open

Update body_advance_fee_new_sender.yml#4600
JFarina5 wants to merge 1 commit into
mainfrom
JFarina5.FN.ESC-14790.body.advance.fee.new.sender

Conversation

@JFarina5

@JFarina5 JFarina5 commented Jun 3, 2026
edited
Loading

Copy link
Copy Markdown
Member

Description

Adding logic to look for sender/reply-to mismatch and length of recipients.to is equal to 0

Associated samples

Associated hunts

@JFarina5 JFarina5 requested a review from a team June 3, 2026 14:41
@JFarina5 JFarina5 requested a review from a team as a code owner June 3, 2026 14:41
@github-actions github-actions Bot added the in-test-rules PR is in our testing suite to collect telemetry label Jun 3, 2026
github-actions Bot added a commit that referenced this pull request Jun 3, 2026
@github-actions
[Test Rules] [PR #4600] added rule: Advance Fee Fraud (AFF) from free…
b8b74a5 
…mail provider or suspicious TLD
github-actions Bot added a commit that referenced this pull request Jun 3, 2026
@github-actions
[Shared Samples] [PR #4600] added rule: PR# 4600 - Advance Fee Fraud …
c51346c 
…(AFF) from freemail provider or suspicious TLD
github-actions Bot added a commit to IndiaAce/sublime-rules that referenced this pull request Jun 3, 2026
@github-actions
[Test Rules] [PR sublime-security#4600] added rule: Advance Fee Fraud…
ccae4fc 
… (AFF) from freemail provider or suspicious TLD
@JFarina5

JFarina5 commented Jun 5, 2026

Copy link
Copy Markdown
Member Author

Results look solid, hunt in description has been updated. Marking r4r

@JFarina5 JFarina5 added the review-needed Indicates that a PR is waiting for review label Jun 5, 2026
@IndiaAce IndiaAce self-assigned this Jun 8, 2026
@IndiaAce

IndiaAce commented Jun 9, 2026

Copy link
Copy Markdown
Member

This logic is great and the results speak for themselves, I wanted to surface this FP and see what your thoughts on it are. Fine with accepting this as an FP and approving the rule but wanted to run it by you. I understand you're out rn so just HMU when you're back for a re-review https://platform.sublime.security/messages/506a1ee50bf2336dccdc95b188591e7af418a6d263b799252f256b8a2e08587f?preview_id=019eac94-da1b-7225-9233-6ab3e72cfffb

1 similar comment
@IndiaAce

IndiaAce commented Jun 9, 2026

Copy link
Copy Markdown
Member

This logic is great and the results speak for themselves, I wanted to surface this FP and see what your thoughts on it are. Fine with accepting this as an FP and approving the rule but wanted to run it by you. I understand you're out rn so just HMU when you're back for a re-review https://platform.sublime.security/messages/506a1ee50bf2336dccdc95b188591e7af418a6d263b799252f256b8a2e08587f?preview_id=019eac94-da1b-7225-9233-6ab3e72cfffb

@IndiaAce IndiaAce removed the review-needed Indicates that a PR is waiting for review label Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@IndiaAce IndiaAce

Labels

in-test-rules PR is in our testing suite to collect telemetry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JFarina5 @IndiaAce