Skip to content

Refine rule for Social Security Impersonation#4640

Open
cybher0808 wants to merge 3 commits into
mainfrom
cybher0808.fn.esc-14140.socialsec-1
Open

Refine rule for Social Security Impersonation#4640
cybher0808 wants to merge 3 commits into
mainfrom
cybher0808.fn.esc-14140.socialsec-1

Conversation

@cybher0808

@cybher0808 cybher0808 commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Member

Description

Adding a description for the body.link and body.current_thread.text to flag on additional malicious emails.

Associated samples

Associated hunts

@cybher0808 cybher0808 requested a review from a team June 9, 2026 16:57
@cybher0808 cybher0808 requested a review from a team as a code owner June 9, 2026 16:57
@cybher0808 cybher0808 self-assigned this Jun 9, 2026
@cybher0808 cybher0808 added the in-test-rules PR is in our testing suite to collect telemetry label Jun 9, 2026
github-actions Bot added a commit that referenced this pull request Jun 9, 2026
@github-actions
[Shared Samples] [PR #4640] added rule: PR# 4640 - Brand impersonatio…
4099100 
…n: Social Security Administration
github-actions Bot added a commit that referenced this pull request Jun 9, 2026
@github-actions
[Test Rules] [PR #4640] added rule: Brand impersonation: Social Secur…
7171c26 
…ity Administration
@cybher0808

cybher0808 commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Member Author

Ran hunt today to review additional samples in SS, there were a few additional hunts that were found from mode. Marking R4R.

@cybher0808 cybher0808 added the review-needed Indicates that a PR is waiting for review label Jun 10, 2026
IndiaAce
IndiaAce requested changes Jun 10, 2026
View reviewed changes
Comment thread detection-rules/impersonation_social_SA.yml Outdated
@IndiaAce IndiaAce removed the review-needed Indicates that a PR is waiting for review label Jun 10, 2026
github-actions Bot added a commit that referenced this pull request Jun 11, 2026
@github-actions
[Shared Samples] [PR #4640] modified rule: PR# 4640 - Brand impersona…
8f2bffd 
…tion: Social Security Administration
github-actions Bot added a commit that referenced this pull request Jun 11, 2026
@github-actions
[Test Rules] [PR #4640] modified rule: Brand impersonation: Social Se…
f696d3e 
…curity Administration
@cybher0808

cybher0808 commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Member Author

Made the change based on the last peer-review. Additional malicious samples found. Great tweak. Submitting for a R4R.

@cybher0808 cybher0808 added the review-needed Indicates that a PR is waiting for review label Jun 11, 2026
@cybher0808 cybher0808 requested a review from IndiaAce June 11, 2026 18:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@IndiaAce IndiaAce Awaiting requested review from IndiaAce

Requested changes must be addressed to merge this pull request.

Assignees

@cybher0808 cybher0808

Labels

in-test-rules PR is in our testing suite to collect telemetry review-needed Indicates that a PR is waiting for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cybher0808 @IndiaAce