Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Impersonation: Social Security Administration (SSA) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-social-security-administration-ssa-6196767e | |
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 11mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Impersonation using recipient domain (untrusted sender) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-using-recipient-domain-untrusted-sender-63e5808a | |
Inbound message from popular service via newly observed distribution list | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/inbound-message-from-popular-service-via-newly-observed-distribution-list-8f4bc148 | |
Invoicera infrastructure abuse | Sublime Security | 2y ago Mar 7th, 2024 | /feeds/core/detection-rules/invoicera-infrastructure-abuse-1e56f310 | |
Job scam (unsolicited sender) | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/job-scam-unsolicited-sender-a37dc32d | |
Job scam with specific salary pattern | Sublime Security | 3d ago Jan 21st, 2026 | /feeds/core/detection-rules/job-scam-with-specific-salary-pattern-af7f9e21 | |
Link: Abused Adobe Express | Sublime Security | 6mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/link-abused-adobe-express-c7d17bfd | |
Link abuse: Self-service creation platform link with suspicious recipient behavior | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/link-abuse-self-service-creation-platform-link-with-suspicious-recipient-behavior-384ad135 | |
Link: Adobe share from unsolicited sender | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-adobe-share-from-unsolicited-sender-8e29ab33 | |
Link: Adobe share with suspicious indicators | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-adobe-share-with-suspicious-indicators-b33cae80 | |
Link: Apple App Store malicious ad manager themed apps from free email provider | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-apple-app-store-malicious-ad-manager-themed-apps-from-free-email-provider-9ce402c6 | |
Link: Apple TestFlight from free email provider | Sublime Security | 3mo ago Oct 17th, 2025 | /feeds/core/detection-rules/link-apple-testflight-from-free-email-provider-9b447f1f | |
Link: Cryptocurrency fraud with suspicious links | Sublime Security | 1mo ago Dec 1st, 2025 | /feeds/core/detection-rules/link-cryptocurrency-fraud-with-suspicious-links-d0da37ce | |
Link: Direct link to riddle.com hosted showcase | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-direct-link-to-riddlecom-hosted-showcase-cca7d2f5 | |
Link: Direct link to Zoom Docs from non-Zoom sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-zoom-docs-from-non-zoom-sender-5c6362db | |
Link: Executable file download with suspicious message content | Sublime Security | 3mo ago Oct 16th, 2025 | /feeds/core/detection-rules/link-executable-file-download-with-suspicious-message-content-ce9a4926 | |
Link: Figma design deck with credential theft language | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-figma-design-deck-with-credential-theft-language-87601924 | |
Link: File sharing impersonation with suspicious language and sending patterns | Sublime Security | 2mo ago Oct 31st, 2025 | /feeds/core/detection-rules/link-file-sharing-impersonation-with-suspicious-language-and-sending-patterns-d3363041 | |
Link: Free file hosting with undisclosed recipients | Sublime Security | 4mo ago Sep 11th, 2025 | /feeds/core/detection-rules/link-free-file-hosting-with-undisclosed-recipients-b6281306 | |
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-google-calendar-invite-linking-to-an-open-redirect-from-an-untrusted-freemail-sender-bb4f1ea9 | |
Link: Google Translate (unsolicited) | @ajpc500 | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-google-translate-unsolicited-6949e115 | |
Link: Invoice or receipt from freemail sender with customer service number | @vector_sec | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d | |
Link: IPFS | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-ipfs-19fa6442 | |
Link: Jensi file preview link from unsolicited sender | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-jensi-file-preview-link-from-unsolicited-sender-122b39f3 | |
Link: Microsoft impersonation using hosted png with suspicious link | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-impersonation-using-hosted-png-with-suspicious-link-07c696d4 | |
Link: Microsoft protected message with matching sender and recipient addresses | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-protected-message-with-matching-sender-and-recipient-addresses-a5a2f75d | |
Link: Multistage landing - Abused Adobe Acrobat hosted PDF | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-acrobat-hosted-pdf-609081ef | |
Link: Multistage landing - Abused Docusign | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-docusign-4189a645 | |
Link: Multistage landing - Abused Google Drive | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-google-drive-c86288b4 | |
Link: Multistage landing - Ludus presentation | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311 | |
Link: Multistage landing - Trello board abuse | Sublime Security | 5mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-multistage-landing-trello-board-abuse-14a5b23a | |
Link: MyActiveCampaign Link Abuse | Sublime Security | 5mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-myactivecampaign-link-abuse-f5b91ce5 | |
Link: .onion From Unsolicited Sender | Sublime Security | 5mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-onion-from-unsolicited-sender-9ac0fc83 | |
Link: PDF and financial display text to free file host | Sublime Security | 4mo ago Sep 24th, 2025 | /feeds/core/detection-rules/link-pdf-and-financial-display-text-to-free-file-host-b010740b | |
Link: QR code with phishing disposition in img or pdf | Sublime Security | 5mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6 | |
Link: QR Code with suspicious language (untrusted sender) | Sublime Security | 5mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c | |
Link: Recipient domain in URL path | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-recipient-domain-in-url-path-de08731f | |
Link: Referrer anonymization service from untrusted sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-referrer-anonymization-service-from-untrusted-sender-9fab2e1e | |
Link: Scribd fullscreen link from suspicious sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-scribd-fullscreen-link-from-suspicious-sender-9e9bc972 | |
Link: Secure SharePoint file share from new or unusual sender | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-secure-sharepoint-file-share-from-new-or-unusual-sender-74ed3020 | |
Link: Self-sender with sender org in subject and credential theft indicator | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-self-sender-with-sender-org-in-subject-and-credential-theft-indicator-bfa9aa08 | |
Link: Self-sent message with quarterly document review request | Sublime Security | 3d ago Jan 21st, 2026 | /feeds/core/detection-rules/link-self-sent-message-with-quarterly-document-review-request-3c42cec6 | |
Link: SharePoint files shared from GoDaddy federated tenants | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-sharepoint-files-shared-from-godaddy-federated-tenants-0e26cdd2 | |
Link: Squarespace infrastructure abuse | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-squarespace-infrastructure-abuse-a8fe9d30 | |
Link: Suspicious Sharepoint folder share | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-suspicious-sharepoint-folder-share-6168a08c | |
Link to a domain with punycode characters | @ajpc500 | 2mo ago Nov 12th, 2025 | /feeds/core/detection-rules/link-to-a-domain-with-punycode-characters-74b3698c | |
Link to auto-downloaded disk image in encrypted zip | @ajpc500 | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-downloaded-disk-image-in-encrypted-zip-b50f0cb1 | |
Link to auto-downloaded DMG in archive | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-archive-dc04cdd8 | |
Link to auto-downloaded DMG in encrypted zip | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-encrypted-zip-43af98d3 |