Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Impersonation: Fake Gmail attachment | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-fake-gmail-attachment-0f5a4e14 | |
Impersonation: Human Resources with link or attachment and engaging language | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8 | |
Impersonation: Internal corporate services | Sublime Security | 1mo ago Jan 28th, 2026 | /feeds/core/detection-rules/impersonation-internal-corporate-services-3cd04f33 | |
Impersonation: Recipient organization in sender display name with credential theft image | Sublime Security | 21d ago Feb 17th, 2026 | /feeds/core/detection-rules/impersonation-recipient-organization-in-sender-display-name-with-credential-theft-image-6abfb20e | |
Impersonation: Salesforce fake campaign failure notification | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-salesforce-fake-campaign-failure-notification-d66000ca | |
Impersonation: SharePoint reply header anomaly | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-sharepoint-reply-header-anomaly-78875848 | |
Impersonation: Social Security Administration (SSA) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-social-security-administration-ssa-6196767e | |
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 1y ago Feb 3rd, 2025 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Impersonation using recipient domain (untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-using-recipient-domain-untrusted-sender-63e5808a | |
Inbound message from popular service via newly observed distribution list | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/inbound-message-from-popular-service-via-newly-observed-distribution-list-8f4bc148 | |
Invoicera infrastructure abuse | Sublime Security | 2y ago Mar 7th, 2024 | /feeds/core/detection-rules/invoicera-infrastructure-abuse-1e56f310 | |
Job scam (unsolicited sender) | Sublime Security | 4mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/job-scam-unsolicited-sender-a37dc32d | |
Job scam with specific salary pattern | Sublime Security | 1mo ago Jan 21st, 2026 | /feeds/core/detection-rules/job-scam-with-specific-salary-pattern-af7f9e21 | |
Link: Abused Adobe Express | Sublime Security | 7mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/link-abused-adobe-express-c7d17bfd | |
Link abuse: Self-service creation platform link with suspicious recipient behavior | Sublime Security | 3mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/link-abuse-self-service-creation-platform-link-with-suspicious-recipient-behavior-384ad135 | |
Link: Adobe share from unsolicited sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-adobe-share-from-unsolicited-sender-8e29ab33 | |
Link: Adobe share with suspicious indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-adobe-share-with-suspicious-indicators-b33cae80 | |
Link: Apple App Store malicious ad manager themed apps from free email provider | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-apple-app-store-malicious-ad-manager-themed-apps-from-free-email-provider-9ce402c6 | |
Link: Apple TestFlight from free email provider | Sublime Security | 4mo ago Oct 17th, 2025 | /feeds/core/detection-rules/link-apple-testflight-from-free-email-provider-9b447f1f | |
Link: Cryptocurrency fraud with suspicious links | Sublime Security | 3mo ago Dec 1st, 2025 | /feeds/core/detection-rules/link-cryptocurrency-fraud-with-suspicious-links-d0da37ce | |
Link: Direct download of executable file | Sublime Security | 8d ago Mar 2nd, 2026 | /feeds/core/detection-rules/link-direct-download-of-executable-file-dbbfd077 | |
Link: Direct link to riddle.com hosted showcase | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-direct-link-to-riddlecom-hosted-showcase-cca7d2f5 | |
Link: Direct link to Zoom Docs from non-Zoom sender | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-zoom-docs-from-non-zoom-sender-5c6362db | |
Link: Direct MSI download from low reputation domain | Sublime Security | 19d ago Feb 19th, 2026 | /feeds/core/detection-rules/link-direct-msi-download-from-low-reputation-domain-1eb77537 | |
Link: Executable file download with suspicious message content | Sublime Security | 4mo ago Oct 16th, 2025 | /feeds/core/detection-rules/link-executable-file-download-with-suspicious-message-content-ce9a4926 | |
Link: Figma design deck with credential theft language | Sublime Security | 6d ago Mar 4th, 2026 | /feeds/core/detection-rules/link-figma-design-deck-with-credential-theft-language-87601924 | |
Link: File sharing impersonation with suspicious language and sending patterns | Sublime Security | 4mo ago Oct 31st, 2025 | /feeds/core/detection-rules/link-file-sharing-impersonation-with-suspicious-language-and-sending-patterns-d3363041 | |
Link: Free file hosting with undisclosed recipients | Sublime Security | 15d ago Feb 23rd, 2026 | /feeds/core/detection-rules/link-free-file-hosting-with-undisclosed-recipients-b6281306 | |
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-google-calendar-invite-linking-to-an-open-redirect-from-an-untrusted-freemail-sender-bb4f1ea9 | |
Link: Google Drawings link from new sender | Sublime Security | 18h ago Mar 9th, 2026 | /feeds/core/detection-rules/link-google-drawings-link-from-new-sender-fb91c892 | |
Link: Google Forms link with credential theft language | Sublime Security | 8d ago Mar 2nd, 2026 | /feeds/core/detection-rules/link-google-forms-link-with-credential-theft-language-0cad40e2 | |
Link: Google Translate (unsolicited) | @ajpc500 | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-google-translate-unsolicited-6949e115 | |
Link: Hotel booking spoofed display URL | Sublime Security | 21d ago Feb 17th, 2026 | /feeds/core/detection-rules/link-hotel-booking-spoofed-display-url-96deeec7 | |
Link: Invoice or receipt from freemail sender with customer service number | @vector_sec | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d | |
Link: IPFS | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-ipfs-19fa6442 | |
Link: Jensi file preview link from unsolicited sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-jensi-file-preview-link-from-unsolicited-sender-122b39f3 | |
Link: Microsoft impersonation using hosted png with suspicious link | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-impersonation-using-hosted-png-with-suspicious-link-07c696d4 | |
Link: Microsoft protected message with matching sender and recipient addresses | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-protected-message-with-matching-sender-and-recipient-addresses-a5a2f75d | |
Link: Multistage landing - Abused Adobe Acrobat hosted PDF | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-acrobat-hosted-pdf-609081ef | |
Link: Multistage landing - Abused Docusign | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-docusign-4189a645 | |
Link: Multistage landing - Abused Google Drive | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-google-drive-c86288b4 | |
Link: Multistage landing - Ludus presentation | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311 | |
Link: Multistage landing - Trello board abuse | Sublime Security | 6mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-multistage-landing-trello-board-abuse-14a5b23a | |
Link: MyActiveCampaign Link Abuse | Sublime Security | 6mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-myactivecampaign-link-abuse-f5b91ce5 | |
Link: .onion From Unsolicited Sender | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-onion-from-unsolicited-sender-9ac0fc83 | |
Link: PDF and financial display text to free file host | Sublime Security | 5mo ago Sep 24th, 2025 | /feeds/core/detection-rules/link-pdf-and-financial-display-text-to-free-file-host-b010740b | |
Link: PDF filename impersonation with credential theft language | Sublime Security | 26d ago Feb 12th, 2026 | /feeds/core/detection-rules/link-pdf-filename-impersonation-with-credential-theft-language-05931513 | |
Link: QR code with phishing disposition in img or pdf | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6 | |
Link: QR Code with suspicious language (untrusted sender) | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c | |
Link: Recipient domain in URL path | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-recipient-domain-in-url-path-de08731f |