Skip to content

Create link_credential_theft_with_tycoon_url_struct#3879

Merged
hadojae merged 9 commits intomainfrom
hadojae.fn.na.tycoon_effective_url_struct_via_redirector
Mar 10, 2026
Merged

Create link_credential_theft_with_tycoon_url_struct#3879
hadojae merged 9 commits intomainfrom
hadojae.fn.na.tycoon_effective_url_struct_via_redirector

Conversation

@hadojae
Copy link
Copy Markdown
Member

@hadojae hadojae commented Jan 27, 2026

Description

this is just another way to find the tycoon uri struct when its hidden behind a redirect

Associated hunts

@hadojae hadojae requested a review from a team as a code owner January 28, 2026 00:18
@github-actions github-actions Bot added test-rules:excluded:link_analysis Link analysis in rule, excluding from test rules hunting-required Hunts needed to validate rule efficacy labels Jan 28, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jan 28, 2026

Test Rules Sync - Excluded

This PR contains rules that use ml.link_analysis, which is not supported in the test-rules environment.

The hunting-required label has been applied. These rules will need to be tested through alternative methods.

github-actions Bot added a commit that referenced this pull request Jan 28, 2026
@github-actions
[PR #3879] added rule: PR# 3879 - Link: Credential theft with tycoon …
7deeebf 
…URL structure
@hadojae hadojae requested a review from a team February 2, 2026 19:35
github-actions Bot added a commit that referenced this pull request Feb 2, 2026
@github-actions
[PR #3879] modified rule: PR# 3879 - Link: Credential theft with tyco…
994297e 
…on URL structure
github-actions Bot added a commit that referenced this pull request Feb 3, 2026
@github-actions
[PR #3879] modified rule: PR# 3879 - Link: Credential theft with tyco…
635a122 
…on URL structure
github-actions Bot added a commit that referenced this pull request Feb 11, 2026
@github-actions
[PR #3879] modified rule: PR# 3879 - Link: Unsolicited email contains…
5ca13e0 
… link leading to Tycoon URL structure
github-actions Bot added a commit that referenced this pull request Feb 24, 2026
@github-actions
[Shared Samples] [PR #3879] modified rule: PR# 3879 - Link: Unsolicit…
a20a2bd 
…ed email contains link leading to Tycoon URL structure
@hadojae hadojae enabled auto-merge February 24, 2026 19:35
@hadojae
Copy link
Copy Markdown
Member Author

hadojae commented Feb 24, 2026

testing well, looks good to go

@hadojae hadojae added review-needed Indicates that a PR is waiting for review and removed review-needed Indicates that a PR is waiting for review labels Feb 24, 2026
IndiaAce
IndiaAce requested changes Mar 5, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@IndiaAce IndiaAce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small nit/consideration - I like this rule! I was wondering if you had this attached to a manual escalation / or if you could spawn one for tracked work on this. Would be nice to be able to review some of the customer hunts you ran for this given the fact that it's a LA excluded rule!

Comment thread detection-rules/link_credential_theft_with_tycoon_url_struct.yml
Comment thread detection-rules/link_credential_theft_with_tycoon_url_struct.yml
@hadojae
Copy link
Copy Markdown
Member Author

hadojae commented Mar 5, 2026

One small nit/consideration - I like this rule! I was wondering if you had this attached to a manual escalation / or if you could spawn one for tracked work on this. Would be nice to be able to review some of the customer hunts you ran for this given the fact that it's a LA excluded rule!

Shared notion link via DM

@hadojae hadojae requested a review from IndiaAce March 5, 2026 20:52
@hadojae
Copy link
Copy Markdown
Member Author

hadojae commented Mar 6, 2026

gonna hold off on this for a bit to see what happens with the takedown

@hadojae hadojae closed this Mar 6, 2026
auto-merge was automatically disabled March 6, 2026 18:29

Pull request was closed

@hadojae
Copy link
Copy Markdown
Member Author

hadojae commented Mar 6, 2026

still active

@hadojae hadojae reopened this Mar 6, 2026
@hadojae hadojae enabled auto-merge March 10, 2026 16:12
@hadojae hadojae added this pull request to the merge queue Mar 10, 2026
Merged via the queue into main with commit 85d714a Mar 10, 2026
3 checks passed
@hadojae hadojae deleted the hadojae.fn.na.tycoon_effective_url_struct_via_redirector branch March 10, 2026 17:24
github-actions Bot added a commit that referenced this pull request Mar 10, 2026
@github-actions
[Shared Samples] [PR #3879] Delete detection rule
ab82977
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@IndiaAce IndiaAce IndiaAce approved these changes

Assignees

No one assigned

Labels

hunting-required Hunts needed to validate rule efficacy review-needed Indicates that a PR is waiting for review test-rules:excluded:link_analysis Link analysis in rule, excluding from test rules

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hadojae @IndiaAce