Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Apr 12th, 2024
Feed Source: GitHub
Rule Name & Severity
Author
Last Updated
Labels
Attachment: HTML smuggling with auto-downloaded file
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5
Attachment: HTML smuggling with base64 encoded JavaScript function
Sublime Security
8 months ago
Aug 27th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec
Attachment: HTML smuggling with concatenation obfuscation
@vector_sec
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346
Attachment: HTML smuggling with decimal encoding
Sublime Security
3 months ago
Jan 9th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4
Attachment: HTML smuggling with embedded base64-encoded executable
Sublime Security
20 days ago
Mar 25th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527
Attachment: HTML smuggling with embedded base64-encoded ISO
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d
Attachment: HTML smuggling with embedded base64 streamed file download
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2
Attachment: HTML smuggling with eval and atob
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2
Attachment: HTML smuggling with excessive line break obfuscation
Sublime Security
7 months ago
Sep 8th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440
Attachment: HTML smuggling with fromCharCode and other signals
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef
Attachment: HTML smuggling with hex strings
@ajpc500
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6
Attachment: HTML smuggling with high entropy and other signals
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288
Attachment: HTML smuggling with raw array buffer
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc
Attachment: HTML smuggling with RC4 decryption
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765
Attachment: HTML smuggling with ROT13
@Kyle_Parrish_
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf
Attachment: HTML smuggling with setTimeout
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32
Attachment: HTML smuggling with unescape
Sublime Security
7 months ago
Sep 22nd, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36
Attachment: HTML with obfuscation and recipient's email in JavaScript strings
Sublime Security
2 months ago
Feb 7th, 2024
/feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b
Attachment: ICS with embedded document
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-ics-with-embedded-document-8f9957d9
Attachment: JavaScript file with suspicious base64-encoded executable
Sublime Security
13 days ago
Apr 1st, 2024
/feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3
Attachment: Link file with UNC path
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-link-file-with-unc-path-3b7ee0fb
Attachment: LNK file
@ajpc500
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-lnk-file-44532abe
Attachment: LNK with embedded content
@ajpc500
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a
Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation
@ajpc500
4 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0
Attachment: Malicious OneNote Commands
@Kyle_Parrish_
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb
Attachment: Microsoft 365 Credential Phishing
Sublime Security
4 months ago
Dec 21st, 2023
/feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229
Attachment: Microsoft impersonation via PDF with link and suspicious language
Sublime Security
22 days ago
Mar 24th, 2024
/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: MSI Installer file
@ajpc500
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-msi-installer-file-ae17b1a9
Attachment: Office document loads remote document template
Sublime Security
2 months ago
Feb 12th, 2024
/feeds/core/detection-rules/attachment-office-document-loads-remote-document-template-d9601104
Attachment: Office Document with VSTO Add-in
@vector_sec
3 months ago
Jan 11th, 2024
/feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730
Attachment: Office file contains OLE relationship to credential phishing page
Sublime Security
5 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0
Attachment: Office file with suspicious function calls or downloaded file path
Sublime Security
2 months ago
Feb 9th, 2024
/feeds/core/detection-rules/attachment-office-file-with-suspicious-function-calls-or-downloaded-file-path-4c78b969
Attachment: OLE external relationship containing file scheme link to executable filetype
Sublime Security
10 days ago
Apr 4th, 2024
/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-executable-filetype-33bf6fd4
Attachment: OLE external relationship containing file scheme link to IP address
Sublime Security
3 days ago
Apr 12th, 2024
/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-ip-address-3aab998c
Attachment: PDF file with Link to Fake Bitcoin Exchange
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Attachment: PDF file with low reputation links to suspicious filetypes (unsolicited)
Sublime Security
6 months ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-pdf-file-with-low-reputation-links-to-suspicious-filetypes-unsolicited-6144f880
Attachment: PDF file with low reputation link to ZIP file (unsolicited)
Michael Tingle
6 months ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-pdf-file-with-low-reputation-link-to-zip-file-unsolicited-d1ee2859
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited)
Sublime Security
2 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e
Attachment: PDF with embedded Javascript
Sublime Security
5 months ago
Nov 30th, 2023
/feeds/core/detection-rules/attachment-pdf-with-embedded-javascript-d4cde94f
Attachment: PDF with link to DMG file download
Sublime Security
6 months ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-pdf-with-link-to-dmg-file-download-2c486fe0
Attachment: PDF with link to zip containing a wsf file
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-pdf-with-link-to-zip-containing-a-wsf-file-93bc7db4
Attachment: PDF with suspicious language and redirect to suspicious file type
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-pdf-with-suspicious-language-and-redirect-to-suspicious-file-type-adda3c3f
Attachment: Potential Sandbox Evasion in Office File
@ajpc500
4 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-potential-sandbox-evasion-in-office-file-1c591681
Attachment: PowerPoint with suspicious hyperlink
Sublime Security
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1
Attachment: PowerShell Content
@ajpc500
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-powershell-content-c12566db
Attachment: Python generated PDF with link
@affje0x65
2 months ago
Feb 7th, 2024
/feeds/core/detection-rules/attachment-python-generated-pdf-with-link-2fec884d
Attachment: QR code with credential phishing indicators
Sublime Security
4 months ago
Dec 20th, 2023
/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Attachment: RDP Connection file
@ajpc500
8 months ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-rdp-connection-file-2409a422
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender
Sublime Security
11 days ago
Apr 3rd, 2024
/feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7
Attachment: RFP/RFQ impersonating government entities
Sublime Security
2 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
351 Rules
Page 2 of 8