Open redirect: Atdmt

Message contains use of the Atdmt (Facebook) open redirect.

Sublime rule

name: "Open redirect: Atdmt"
description: |
    Message contains use of the Atdmt (Facebook) open redirect.
references:
  - "https://en.wikipedia.org/wiki/Atdmt"
type: "rule"
authors:
  - twitter: "vector_sec"
severity: "medium"
source: |
  type.inbound
  and any(body.links,
          .href_url.domain.domain == 'ad.atdmt.com' and strings.ilike(.href_url.path, '*/c*')
  )
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Open redirect"
detection_methods:
  - "URL analysis"
id: "fafbd230-bb09-5306-b652-3060639b8660"