Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Archive contains DLL-loading macro | Sublime Security | 3y ago Dec 28th, 2023 | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f | |
Attachment: Archive with embedded EXE file | Sublime Security | 2y ago Feb 27th, 2024 | /feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86 | |
Attachment: DocX embedded binary | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-docx-embedded-binary-feff0241 | |
Attachment: EML with Encrypted ZIP | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-eml-with-encrypted-zip-6897a8f7 | |
Attachment: HTML file with excessive padding and suspicious patterns | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e | |
Attachment: HTML file with reference to recipient and suspicious patterns | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d | |
Attachment: HTML smuggling with embedded base64-encoded executable | Sublime Security | 2y ago Mar 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527 | |
Attachment: JavaScript file with suspicious base64-encoded executable | Sublime Security | 2y ago Apr 1st, 2024 | /feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3 | |
Attachment: Malformed OLE file | Sublime Security | 2y ago Nov 25th, 2024 | /feeds/core/detection-rules/attachment-malformed-ole-file-5aadc68f | |
Attachment: Malicious OneNote commands | @Kyle_Parrish_ | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb | |
Attachment: Password-protected PDF with fake document indicators | Sublime Security | 2d ago Jan 21st, 2026 | /feeds/core/detection-rules/attachment-password-protected-pdf-with-fake-document-indicators-b45e4440 | |
Attachment: RTF with embedded content | @amitchell516 | 2y ago Feb 26th, 2024 | /feeds/core/detection-rules/attachment-rtf-with-embedded-content-61dd2dd7 | |
Attachment: WinRAR CVE-2025-8088 exploitation | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-winrar-cve-2025-8088-exploitation-33b3a82b | |
Attachment with unscannable encrypted zip (unsolicited) | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-unscannable-encrypted-zip-unsolicited-529d4a9a | |
Encrypted Microsoft Office files from untrusted sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/encrypted-microsoft-office-files-from-untrusted-sender-eb7b26e7 | |
Link to auto-downloaded disk image in encrypted zip | @ajpc500 | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-downloaded-disk-image-in-encrypted-zip-b50f0cb1 | |
Link to auto-downloaded DMG in encrypted zip | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-encrypted-zip-43af98d3 | |
Link to auto-download of a suspicious file type (unsolicited) | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152 | |