Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Fake voicemail via PDF | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-fake-voicemail-via-pdf-d3587209 | |
Attachment: Fake Zoom installer | Sublime Security | 3y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: Fictitious invoice using LinkedIn's address | Sublime Security | 4mo ago Sep 3rd, 2025 | /feeds/core/detection-rules/attachment-fictitious-invoice-using-linkedins-address-aeee3d9f | |
Attachment: File execution via Javascript | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1 | |
Attachment: Filename containing Unicode braille pattern blank character | @vector_sec | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-filename-containing-unicode-braille-pattern-blank-character-c230ca86 | |
Attachment: Filename containing Unicode right-to-left override character | @vector_sec | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-filename-containing-unicode-right-to-left-override-character-357c57a1 | |
Attachment: HTML attachment with Javascript location | @vector_sec | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295 | |
Attachment: HTML attachment with login portal indicators | @ajpc500 | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Attachment: HTML file contains exclusively Javascript | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168 | |
Attachment: HTML file with excessive 'const' declarations and abnormally long timeouts | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/attachment-html-file-with-excessive-const-declarations-and-abnormally-long-timeouts-66f8a07a | |
Attachment: HTML file with excessive padding and suspicious patterns | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e | |
Attachment: HTML file with reference to recipient and suspicious patterns | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d | |
Attachment: HTML smuggling Microsoft sign in | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with atob and high entropy via calendar invite | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-via-calendar-invite-94d84614 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: HTML smuggling with base64 encoded JavaScript function | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec | |
Attachment: HTML smuggling with base64 encoded ZIP file | Sublime Security | 2mo ago Nov 20th, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-zip-file-47e388de | |
Attachment: HTML smuggling with concatenation obfuscation | @vector_sec | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346 | |
Attachment: HTML smuggling with decimal encoding | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4 | |
Attachment: HTML smuggling with embedded base64-encoded executable | Sublime Security | 2y ago Mar 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527 | |
Attachment: HTML smuggling with embedded base64-encoded ISO | Sublime Security | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d | |
Attachment: HTML smuggling with embedded base64 streamed file download | Sublime Security | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2 | |
Attachment: HTML smuggling with eval and atob | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2 | |
Attachment: HTML smuggling with eval and atob via calendar invite | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-via-calendar-invite-597c2edd | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns | Sublime Security | 2y ago Aug 27th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d | |
Attachment: HTML smuggling with fromCharCode and other signals | Sublime Security | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef | |
Attachment: HTML smuggling with hex strings | @ajpc500 | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6 | |
Attachment: HTML smuggling with high entropy and other signals | Sublime Security | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288 | |
Attachment: HTML smuggling with raw array buffer | Sublime Security | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: HTML smuggling with setTimeout | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32 | |
Attachment: HTML smuggling with unescape | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: HTML with emoji-to-character map | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086 | |
Attachment: HTML with hidden body | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-with-hidden-body-b059a781 | |
Attachment: HTML with JavaScript functions for HTTP requests | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-html-with-javascript-functions-for-http-requests-01e679fd | |
Attachment: HTML with obfuscation and recipient's email in JavaScript strings | Sublime Security | 4mo ago Sep 25th, 2025 | /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b | |
Attachment: ICS calendar with embedded file from internal sender with SPF failure | Sublime Security | 3mo ago Oct 22nd, 2025 | /feeds/core/detection-rules/attachment-ics-calendar-with-embedded-file-from-internal-sender-with-spf-failure-d9ce9db8 | |
Attachment: ICS file with non-Gregorian calendar scale | Sublime Security | 2mo ago Nov 4th, 2025 | /feeds/core/detection-rules/attachment-ics-file-with-non-gregorian-calendar-scale-9315bbf5 | |
Attachment: ICS with embedded document | Sublime Security | 4mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/attachment-ics-with-embedded-document-8f9957d9 | |
Attachment: Invoice and W-9 PDFs with suspicious creators | Sublime Security | 2d ago Jan 21st, 2026 | /feeds/core/detection-rules/attachment-invoice-and-w-9-pdfs-with-suspicious-creators-305d6e32 | |
Attachment: JavaScript file with suspicious base64-encoded executable | Sublime Security | 2y ago Apr 1st, 2024 | /feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3 | |
Attachment: Legal themed message or PDF with suspicious indicators | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-legal-themed-message-or-pdf-with-suspicious-indicators-19133301 | |
Attachment: Link file with UNC path | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-link-file-with-unc-path-3b7ee0fb | |
Attachment: Link to Doubleclick.net open redirect | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-link-to-doubleclicknet-open-redirect-506c16cc | |
Attachment: LNK file | @ajpc500 | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-lnk-file-44532abe |