Open Redirect: LearningApps

Sublime Rules

Summary
This rule targets open redirects associated with LearningApps, a platform that has previously been exploited in various phishing attacks to redirect users through a seemingly trusted domain. The rule analyzes inbound messages for URLs that match specific criteria involving the LearningApps domain and certain query parameters that may indicate malicious intent. It applies additional filters based on sender profiles to distinguish legitimate messages from potentially harmful ones. To minimize false positives, it excludes highly trusted sender domains unless they fail DMARC authentication. The rule thereby helps identify messages that may use open redirects to facilitate credential phishing or malware distribution.
Categories
  • Web
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2024-08-22