Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Mar 1st, 2024
Feed Source: GitHub
Rule Name & Severity
Author
Last Updated
Labels
Adobe branded PDF file linking to a password-protected file from untrusted sender
Sublime Security
8 days ago
Feb 23rd, 2024
/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD
Sublime Security
8 days ago
Feb 23rd, 2024
/feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373
AnonymousFox Indicators
Sublime Security
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/anonymousfox-indicators-2506206e
Attachment: Adobe image lure with suspicious link
Sublime Security
2 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-adobe-image-lure-with-suspicious-link-1d7add81
Attachment: Any HTML file (unsolicited)
Sublime Security
4 months ago
Nov 14th, 2023
/feeds/core/detection-rules/attachment-any-html-file-unsolicited-ef36763f
Attachment: Any HTML file (untrusted sender)
Sublime Security
a month ago
Jan 23rd, 2024
/feeds/core/detection-rules/attachment-any-html-file-untrusted-sender-57a8f5c5
Attachment: Any HTML file within archive (unsolicited)
Sublime Security
4 months ago
Nov 14th, 2023
/feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c
Attachment: Archive containing disallowed file type
Sublime Security
a month ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-archive-containing-disallowed-file-type-3859e3e7
Attachment: Archive contains DLL-loading macro
Sublime Security
2 months ago
Dec 28th, 2023
/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: Archive with embedded CHM file
Sublime Security
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-archive-with-embedded-chm-file-5280e94d
Attachment: Archive with embedded EXE file
Sublime Security
4 days ago
Feb 27th, 2024
/feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86
Attachment: Archive with pdf, txt and wsf files
Sublime Security
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-archive-with-pdf-txt-and-wsf-files-16b2e239
Attachment: Callback Phishing solicitation via image file
@vector_sec
3 months ago
Nov 30th, 2023
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: Callback Phishing solicitation via pdf file
Sublime Security
4 months ago
Nov 7th, 2023
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: .csproj with suspicious commands
Sublime Security
6 months ago
Aug 17th, 2023
/feeds/core/detection-rules/attachment-csproj-with-suspicious-commands-fe45b81d
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
Sublime Security
2 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f
Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability
Sublime Security
2 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
Sublime Security
4 months ago
Oct 26th, 2023
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: DocX embedded Binary
Sublime Security
4 days ago
Feb 27th, 2024
/feeds/core/detection-rules/attachment-docx-embedded-binary-feff0241
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment
@ajpc500
5 months ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b
Attachment: Dropbox image lure with no Dropbox domains in links
Sublime Security
a month ago
Jan 23rd, 2024
/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: EICAR String Present
@ajpc500
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-eicar-string-present-592e2319
Attachment: Embedded Javascript in SVG file (unsolicited)
Sublime Security
5 months ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-unsolicited-f70293bc
Attachment: Embedded VBScript in MHT file (unsolicited)
Sublime Security
5 months ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6
Attachment: EML containing a base64 encoded script
Sublime Security
a month ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445
Attachment: EML file contains HTML attachment with login portal indicators
Sublime Security
4 months ago
Oct 19th, 2023
/feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158
Attachment: EML file with HTML attachment (unsolicited)
Sublime Security
4 months ago
Nov 14th, 2023
/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191
Attachment: EML file with IPFS links
Sublime Security
3 months ago
Nov 16th, 2023
/feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7
Attachment: EML with link to credential phishing page
Sublime Security
3 months ago
Nov 22nd, 2023
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Emotet heavily padded doc in zip file
Sublime Security
5 months ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: Encrypted Microsoft Office file (unsolicited)
Sublime Security
2 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953
Attachment: Excel Web Query File (IQY)
@jkcoote
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5
Attachment: Fake attachment image lure
Sublime Security
15 days ago
Feb 16th, 2024
/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake Slack installer
Sublime Security
3 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer
Sublime Security
3 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: File execution via Javascript
Sublime Security
2 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1
Attachment: Filename Containing Unicode Right-to-Left Override Character
@vector_sec
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-filename-containing-unicode-right-to-left-override-character-357c57a1
Attachment: HTML Attachment with Javascript location
@vector_sec
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295
Attachment: HTML Attachment with Login Portal Indicators
@ajpc500
a month ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7
Attachment: HTML file contains exclusively Javascript
Sublime Security
a month ago
Feb 1st, 2024
/feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168
Attachment: HTML file with excessive padding and suspicious patterns
Sublime Security
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e
Attachment: HTML file with reference to recipient and suspicious patterns
Sublime Security
23 days ago
Feb 7th, 2024
/feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d
Attachment: HTML smuggling 'body onload' linking to suspicious destination
Sublime Security
5 months ago
Sep 22nd, 2023
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text
Sublime Security
5 months ago
Sep 25th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d
Attachment: HTML Smuggling Microsoft Sign In
Sublime Security
a month ago
Jan 31st, 2024
/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML smuggling - QR Code with suspicious links
Sublime Security
3 months ago
Nov 27th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: HTML smuggling with atob and high entropy
Sublime Security
2 months ago
Jan 14th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11
Attachment: HTML smuggling with auto-downloaded file
Sublime Security
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5
Attachment: HTML smuggling with base64 encoded JavaScript function
Sublime Security
6 months ago
Aug 27th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec
Attachment: HTML smuggling with concatenation obfuscation
@vector_sec
6 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346
336 Rules
Page 1 of 7