Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Credential phishing: Image as content, short or no body contents | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/credential-phishing-image-as-content-short-or-no-body-contents-01313f38 | |
Extortion / sextortion in attachment from untrusted sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/extortion-sextortion-in-attachment-from-untrusted-sender-3cb8d32c | |
Fake scan-to-email message | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/fake-scan-to-email-message-78851fbe | |
Free subdomain link with credential theft indicators | Sublime Security | 2y ago Dec 12th, 2024 | /feeds/core/detection-rules/free-subdomain-link-with-credential-theft-indicators-9187479c | |
Google Accelerated Mobile Pages (AMP) abuse | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029 | |
Google Drive abuse: Credential phishing link | Sublime Security | 2y ago Jul 31st, 2024 | /feeds/core/detection-rules/google-drive-abuse-credential-phishing-link-c74aece0 | |
Issuu document with suspicious embedded link | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/issuu-document-with-suspicious-embedded-link-0d73f43d | |
Link: Figma design deck with credential theft language | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-figma-design-deck-with-credential-theft-language-87601924 | |
Link: Microsoft Dynamics 365 form phishing | Sublime Security | 1mo ago Dec 5th, 2025 | /feeds/core/detection-rules/link-microsoft-dynamics-365-form-phishing-f72b9085 | |
Link: Multistage landing - Abused Adobe Acrobat hosted PDF | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-acrobat-hosted-pdf-609081ef | |
Link: Multistage landing - Ludus presentation | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311 | |
Link: Multistage landing - Scribd document | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-scribd-document-afa9807d | |
Link: QuickBooks image lure with suspicious link | Sublime Security | 6mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/link-quickbooks-image-lure-with-suspicious-link-3826a923 | |
Link to auto-downloaded file with Adobe branding | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-adobe-branding-e826c2cf | |
Link to auto-downloaded file with Google Drive branding | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-google-drive-branding-4b5343be | |
Open Redirect: Google domain with /url path and suspicious indicators | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74 | |
Spam: Mastercard promotional content with image-based body | Sublime Security | 2mo ago Nov 5th, 2025 | /feeds/core/detection-rules/spam-mastercard-promotional-content-with-image-based-body-5f2cb559 | |
Suspicious attachment: Duplicate decoy PDF files | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspicious-attachment-duplicate-decoy-pdf-files-79b9b2e7 | |
Suspicious recipient pattern and language with low reputation link to login | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
X (Twitter) impersonation with credential phishing motives | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/x-twitter-impersonation-with-credential-phishing-motives-0b60dca6 |