Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Impersonation: Human Resources with link or attachment and engaging language | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8 | |
Impersonation: Internal corporate services | Sublime Security | 4d ago Jan 20th, 2026 | /feeds/core/detection-rules/impersonation-internal-corporate-services-3cd04f33 | |
Impersonation: SharePoint reply header anomaly | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-sharepoint-reply-header-anomaly-78875848 | |
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 11mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Impersonation using recipient domain (untrusted sender) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-using-recipient-domain-untrusted-sender-63e5808a | |
Inbound message from popular service via newly observed distribution list | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/inbound-message-from-popular-service-via-newly-observed-distribution-list-8f4bc148 | |
Invoicera infrastructure abuse | Sublime Security | 2y ago Mar 7th, 2024 | /feeds/core/detection-rules/invoicera-infrastructure-abuse-1e56f310 | |
Job scam (unsolicited sender) | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/job-scam-unsolicited-sender-a37dc32d | |
Job scam with specific salary pattern | Sublime Security | 3d ago Jan 21st, 2026 | /feeds/core/detection-rules/job-scam-with-specific-salary-pattern-af7f9e21 | |
Link abuse: Self-service creation platform link with suspicious recipient behavior | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/link-abuse-self-service-creation-platform-link-with-suspicious-recipient-behavior-384ad135 | |
Link: Base64 encoded recipient address in URL fragment with subject hash | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-base64-encoded-recipient-address-in-url-fragment-with-subject-hash-eb9694b8 | |
Link: Credential phishing link with undisclosed recipients | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-credential-phishing-link-with-undisclosed-recipients-06fc155e | |
Link: Credential phishing traversing Russian infrastructure | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-credential-phishing-traversing-russian-infrastructure-a5203e3b | |
Link: Credential phishing via WordPress | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-credential-phishing-via-wordpress-db696058 | |
Link: Cryptocurrency fraud with suspicious links | Sublime Security | 1mo ago Dec 1st, 2025 | /feeds/core/detection-rules/link-cryptocurrency-fraud-with-suspicious-links-d0da37ce | |
Link: Direct link to riddle.com hosted showcase | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-direct-link-to-riddlecom-hosted-showcase-cca7d2f5 | |
Link: Direct link to Zoom Docs from non-Zoom sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-zoom-docs-from-non-zoom-sender-5c6362db | |
Link: Display text matches subject line | Sublime Security | 2mo ago Nov 14th, 2025 | /feeds/core/detection-rules/link-display-text-matches-subject-line-ba722cf0 | |
Link: Executable file download with suspicious message content | Sublime Security | 3mo ago Oct 16th, 2025 | /feeds/core/detection-rules/link-executable-file-download-with-suspicious-message-content-ce9a4926 | |
Link: File sharing impersonation with suspicious language and sending patterns | Sublime Security | 2mo ago Oct 31st, 2025 | /feeds/core/detection-rules/link-file-sharing-impersonation-with-suspicious-language-and-sending-patterns-d3363041 | |
Link: Free file hosting with undisclosed recipients | Sublime Security | 4mo ago Sep 11th, 2025 | /feeds/core/detection-rules/link-free-file-hosting-with-undisclosed-recipients-b6281306 | |
Link: Free subdomain host with undisclosed recipients | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-free-subdomain-host-with-undisclosed-recipients-c23d979d | |
Link: Intuit link abuse with file share context | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-intuit-link-abuse-with-file-share-context-cd15cc34 | |
Link: Microsoft protected message with matching sender and recipient addresses | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-protected-message-with-matching-sender-and-recipient-addresses-a5a2f75d | |
Link: Multistage landing - Abused Adobe Acrobat hosted PDF | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-acrobat-hosted-pdf-609081ef | |
Link: Multistage landing - Ludus presentation | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311 | |
Link: .onion From Unsolicited Sender | Sublime Security | 5mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-onion-from-unsolicited-sender-9ac0fc83 | |
Link: Personal SharePoint with invalid recipients and credential theft language | Sublime Security | 8h ago Jan 23rd, 2026 | /feeds/core/detection-rules/link-personal-sharepoint-with-invalid-recipients-and-credential-theft-language-79d5403d | |
Link: Recipient domain in URL path | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-recipient-domain-in-url-path-de08731f | |
Link: Referrer anonymization service from untrusted sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-referrer-anonymization-service-from-untrusted-sender-9fab2e1e | |
Link: Romance/Sexual Language With Suspicious Link | Sublime Security | 5mo ago Aug 22nd, 2025 | /feeds/core/detection-rules/link-romancesexual-language-with-suspicious-link-d5694cae | |
Link: Self-sender with sender org in subject and credential theft indicator | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-self-sender-with-sender-org-in-subject-and-credential-theft-indicator-bfa9aa08 | |
Link: Self-sent message with quarterly document review request | Sublime Security | 3d ago Jan 21st, 2026 | /feeds/core/detection-rules/link-self-sent-message-with-quarterly-document-review-request-3c42cec6 | |
Link: Squarespace infrastructure abuse | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-squarespace-infrastructure-abuse-a8fe9d30 | |
Link: Suspicious Sharepoint folder share | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-suspicious-sharepoint-folder-share-6168a08c | |
Link: Uncommon SharePoint document type with sender's display name | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-uncommon-sharepoint-document-type-with-senders-display-name-02d290b2 | |
Mass campaign: Cross Site Scripting (XSS) attempt | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124 | |
Mass campaign: recipient address in subject, body, and link (untrusted sender) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/mass-campaign-recipient-address-in-subject-body-and-link-untrusted-sender-599dabf5 | |
Message traversed multiple onmicrosoft.com tenants | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/message-traversed-multiple-onmicrosoftcom-tenants-9cf01c0d | |
Microsoft infrastructure abuse with suspicious patterns | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/microsoft-infrastructure-abuse-with-suspicious-patterns-cfe8e804 | |
Newly registered sender or reply-to domain with newly registered linked domain | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/newly-registered-sender-or-reply-to-domain-with-newly-registered-linked-domain-e5b6a81f | |
Open redirect: giving.lluh.org | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-givinglluhorg-a2bf1099 | |
Open redirect (go2.aspx) leading to Microsoft credential phishing | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-go2aspx-leading-to-microsoft-credential-phishing-51667096 | |
Open Redirect: Google domain with /url path and suspicious indicators | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74 | |
Open redirect: marketing.edinburghairport.com | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-marketingedinburghairportcom-33a47565 | |
Open redirect: next2.io | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-next2io-5085c422 | |
Open redirect: people.anuneo.com | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-peopleanuneocom-2ae83b73 | |
Open redirect: queue.swytchbike.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-queueswytchbikecom-916003d1 | |
Open redirect: slubnaglowie.pl | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-slubnaglowiepl-2ec356d0 | |
Open redirect: Xfinity CMP Redirection to Google AMP | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/open-redirect-xfinity-cmp-redirection-to-google-amp-c0805b80 |