Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Suspicious sender display name with long procedurally generated text blob | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-sender-display-name-with-long-procedurally-generated-text-blob-2a40b043 | |
Suspicious SharePoint file sharing | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c | |
Suspicious subject with long procedurally generated text blob | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d | |
Suspicious VBA macros from untrusted sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-vba-macros-from-untrusted-sender-37cec120 | |
Truth Social infrastructure abuse via link redirect | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/truth-social-infrastructure-abuse-via-link-redirect-aaaa30a8 | |
Twitter infrastructure abuse via link shortener | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/twitter-infrastructure-abuse-via-link-shortener-99ca165e | |
Unicode QR code | Sublime Security | 6mo ago Aug 25th, 2025 | /feeds/core/detection-rules/unicode-qr-code-1a0bdd25 | |
Unusually long local part from untrusted sender address | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/unusually-long-local-part-from-untrusted-sender-address-91a9cd45 | |
Vendor impersonation: Thread hijacking with typosquat domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/vendor-impersonation-thread-hijacking-with-typosquat-domain-9c2f38ed | |
Venmo payment request abuse | Sublime Security | 6mo ago Sep 5th, 2025 | /feeds/core/detection-rules/venmo-payment-request-abuse-4450639a | |
VIP / Executive impersonation in subject (untrusted) | Sublime Security | 6mo ago Aug 14th, 2025 | /feeds/core/detection-rules/vip-executive-impersonation-in-subject-untrusted-0a641fe5 | |
VIP / Executive impersonation (strict match, untrusted) | Sublime Security | 13d ago Feb 25th, 2026 | /feeds/core/detection-rules/vip-executive-impersonation-strict-match-untrusted-e42c84b7 | |
VIP impersonation: Fake thread with display name match, email mismatch | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 3mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
VIP impersonation with BEC language (near match, untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-bec-language-near-match-untrusted-sender-303081da | |
VIP impersonation with charitable donation fraud | Sublime Security | 3mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e | |
VIP impersonation with urgent request (strict match, untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-with-urgent-request-strict-match-untrusted-sender-0dd1fa60 | |
VIP local_part impersonation from unsolicited sender | Sublime Security | 6mo ago Aug 12th, 2025 | /feeds/core/detection-rules/vip-localpart-impersonation-from-unsolicited-sender-74035fdc | |
Xero invoice abuse | Sublime Security | 2mo ago Dec 17th, 2025 | /feeds/core/detection-rules/xero-invoice-abuse-6538c600 | |
X (Twitter) impersonation with credential phishing motives | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/x-twitter-impersonation-with-credential-phishing-motives-0b60dca6 | |