Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Spam: SMTP & Proxy Communications in Email Body | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/spam-smtp-and-proxy-communications-in-email-body-2bdc6a3b | |
Spam: Unsolicited malformed PDF | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/spam-unsolicited-malformed-pdf-f0c50031 | |
Spam: URL shortener with short body content and emojis | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c | |
Spam: Website errors solicitation | Sublime Security | 1mo ago Dec 11th, 2025 | /feeds/core/detection-rules/spam-website-errors-solicitation-122ea794 | |
Spoofable internal domain with suspicious signals | Sublime Security | 6mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69 | |
Subject and sender display name contains matching long alphanumeric string | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/subject-and-sender-display-name-contains-matching-long-alphanumeric-string-a8a0c831 | |
Subject: Suspicious bracketed reference | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/subject-suspicious-bracketed-reference-663dbce4 | |
Suspected cross-site scripting (XSS) found in subject | Sublime Security | 4mo ago Sep 4th, 2025 | /feeds/core/detection-rules/suspected-cross-site-scripting-xss-found-in-subject-8a946cfa | |
Suspected lookalike domain with suspicious language | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspected-lookalike-domain-with-suspicious-language-3674ced0 | |
Suspected WordPress abuse with cross-site scripting (XSS) indicators | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspected-wordpress-abuse-with-cross-site-scripting-xss-indicators-9c21225b | |
Suspicious attachment with unscannable Cloudflare link | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f | |
Suspicious DocuSign share from new domain | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspicious-docusign-share-from-new-domain-d430a1f3 | |
Suspicious invoice reference with missing or image-only attachments | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-invoice-reference-with-missing-or-image-only-attachments-466c1680 | |
Suspicious link to Looker Studio (lookerstudio.google.com) from a new and unsolicited sender | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-link-to-looker-studio-lookerstudiogooglecom-from-a-new-and-unsolicited-sender-dbb50cb4 | |
Suspicious message with unscannable Cloudflare link | Sublime Security | 4mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/suspicious-message-with-unscannable-cloudflare-link-70ea21f9 | |
Suspicious message with unscannable Vercel link | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-message-with-unscannable-vercel-link-b5acffe7 | |
Suspicious newly registered reply-to domain with engaging financial or urgent language | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3 | |
Suspicious recipient pattern and language with low reputation link to login | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
Suspicious recipients pattern with NLU credential theft indicators | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-nlu-credential-theft-indicators-8e121c3e | |
Suspicious recipients pattern with no Compauth pass and suspicious content | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-no-compauth-pass-and-suspicious-content-34fb65f6 | |
Suspicious request for financial information | Sublime Security | 1mo ago Dec 6th, 2025 | /feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d | |
Suspicious sender display name with long procedurally generated text blob | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-sender-display-name-with-long-procedurally-generated-text-blob-2a40b043 | |
Suspicious SharePoint file sharing | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c | |
Suspicious subject with long procedurally generated text blob | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d | |
Truth Social infrastructure abuse via link redirect | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/truth-social-infrastructure-abuse-via-link-redirect-aaaa30a8 | |
Twitter infrastructure abuse via link shortener | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/twitter-infrastructure-abuse-via-link-shortener-99ca165e | |
Unicode QR code | Sublime Security | 5mo ago Aug 25th, 2025 | /feeds/core/detection-rules/unicode-qr-code-1a0bdd25 | |
URL with Unicode U+2044 (⁄) or U+2215 (∕) characters | @delivr_to | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/url-with-unicode-u2044-or-u2215-characters-12069f5b | |
Vendor impersonation: Thread hijacking with typosquat domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/vendor-impersonation-thread-hijacking-with-typosquat-domain-9c2f38ed | |
Venmo payment request abuse | Sublime Security | 4mo ago Sep 5th, 2025 | /feeds/core/detection-rules/venmo-payment-request-abuse-4450639a | |
VIP impersonation: Fake thread with display name match, email mismatch | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 2mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
VIP impersonation with BEC language (near match, untrusted sender) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-bec-language-near-match-untrusted-sender-303081da | |
VIP impersonation with charitable donation fraud | Sublime Security | 2mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e | |
VIP impersonation with invoicing request | Sublime Security | 2y ago Apr 23rd, 2024 | /feeds/core/detection-rules/vip-impersonation-with-invoicing-request-a60f89a0 | |
VIP impersonation with urgent request (strict match, untrusted sender) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-urgent-request-strict-match-untrusted-sender-0dd1fa60 | |
Xero infrastructure abuse | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/xero-infrastructure-abuse-918c4bd3 | |
Xero invoice abuse | Sublime Security | 1mo ago Dec 17th, 2025 | /feeds/core/detection-rules/xero-invoice-abuse-6538c600 |