Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: EML file contains HTML attachment with login portal indicators | Sublime Security | 1mo ago Nov 4th, 2025 | /feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158 | |
Attachment: EML with embedded Javascript in SVG file | Sublime Security | 4mo ago Aug 8th, 2025 | /feeds/core/detection-rules/attachment-eml-with-embedded-javascript-in-svg-file-dfafb78f | |
Attachment: File execution via Javascript | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1 | |
Attachment: HTML attachment with Javascript location | @vector_sec | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295 | |
Attachment: HTML attachment with login portal indicators | @ajpc500 | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Attachment: HTML file with reference to recipient and suspicious patterns | Sublime Security | 1mo ago Nov 4th, 2025 | /feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d | |
Attachment: HTML smuggling Microsoft sign in | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 1mo ago Nov 4th, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with atob and high entropy via calendar invite | Sublime Security | 6mo ago Jun 3rd, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-via-calendar-invite-94d84614 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: HTML smuggling with base64 encoded JavaScript function | Sublime Security | 2y ago Aug 27th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec | |
Attachment: HTML smuggling with base64 encoded ZIP file | Sublime Security | 30d ago Nov 20th, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-zip-file-47e388de | |
Attachment: HTML smuggling with eval and atob | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2 | |
Attachment: HTML smuggling with eval and atob via calendar invite | Sublime Security | 2mo ago Sep 25th, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-via-calendar-invite-597c2edd | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | 2y ago Sep 8th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns | Sublime Security | 1y ago Aug 27th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d | |
Attachment: HTML smuggling with fromCharCode and other signals | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef | |
Attachment: HTML smuggling with hex strings | @ajpc500 | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6 | |
Attachment: HTML smuggling with raw array buffer | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | 18d ago Dec 2nd, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: HTML smuggling with setTimeout | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32 | |
Attachment: HTML smuggling with unescape | Sublime Security | 2y ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: HTML with emoji-to-character map | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086 | |
Attachment: HTML with JavaScript functions for HTTP requests | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-html-with-javascript-functions-for-http-requests-01e679fd | |
Attachment: HTML with obfuscation and recipient's email in JavaScript strings | Sublime Security | 2mo ago Sep 25th, 2025 | /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b | |
Link: chatbot.page platform abuse | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-chatbotpage-platform-abuse-bfd6a076 | |
Link: Cryptocurrency fraud with suspicious links | Sublime Security | 19d ago Dec 1st, 2025 | /feeds/core/detection-rules/link-cryptocurrency-fraud-with-suspicious-links-d0da37ce | |
Link: Multistage landing - JotForm abuse | Sublime Security | 19d ago Dec 1st, 2025 | /feeds/core/detection-rules/link-multistage-landing-jotform-abuse-5b64326f | |
Low reputation link to auto-downloaded HTML file with smuggling indicators | Sublime Security | 4mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/low-reputation-link-to-auto-downloaded-html-file-with-smuggling-indicators-339676c6 | |
Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment | Sublime Security | 2y ago Aug 24th, 2023 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-html-smuggling-attachment-a47a5755 |