Rule Name & Severity | Author | Last Updated | Rule Path | Labels |
|---|---|---|---|---|
Attachment: QR code link with base64-encoded recipient address | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a | |
Attachment: QR code with credential phishing indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: QR code with recipient targeting and special characters | Sublime Security | 17d ago Feb 21st, 2026 | /feeds/core/detection-rules/attachment-qr-code-with-recipient-targeting-and-special-characters-fc9e1c09 | |
Attachment: QR code with suspicious URL patterns in EML file | Sublime Security | 17d ago Feb 21st, 2026 | /feeds/core/detection-rules/attachment-qr-code-with-suspicious-url-patterns-in-eml-file-2289acd5 | |
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender | Sublime Security | 4mo ago Nov 4th, 2025 | /feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 2y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
Attachment: Self-sender PDF with minimal content and view prompt | Sublime Security | 26d ago Feb 12th, 2026 | /feeds/core/detection-rules/attachment-self-sender-pdf-with-minimal-content-and-view-prompt-07670a8c | |
Attachment: Small text file with link containing recipient email address | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d | |
Attachment: Soda PDF producer with encryption themes | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-soda-pdf-producer-with-encryption-themes-af8eeca4 | |
Attachment: Suspicious employee policy update document lure | Sublime Security | 2mo ago Dec 26th, 2025 | /feeds/core/detection-rules/attachment-suspicious-employee-policy-update-document-lure-a8bf1fd1 | |
Attachment: USDA bid invitation impersonation | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-usda-bid-invitation-impersonation-34eb9493 | |
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 1mo ago Jan 16th, 2026 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic scam attempt to undisclosed recipients | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-recipients-5dac401f | |
BEC/Fraud: Penpal scam | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/becfraud-penpal-scam-a4bdfa17 | |
BEC/Fraud: Romance scam | Sublime Security | 3h ago Mar 9th, 2026 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC/Fraud: Student loan callback phishing | Sublime Security | 6mo ago Sep 5th, 2025 | /feeds/core/detection-rules/becfraud-student-loan-callback-phishing-a71f82c3 | |
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0 | |
BEC with unusual reply-to or return-path mismatch | Sublime Security | 7d ago Mar 3rd, 2026 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Benefits enrollment impersonation | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/benefits-enrollment-impersonation-5a6eb5a8 | |
Body: Embedded email headers indicative of thread hijacking/abuse | Sublime Security | 3mo ago Dec 1st, 2025 | /feeds/core/detection-rules/body-embedded-email-headers-indicative-of-thread-hijackingabuse-6e8eeebb | |
Body HTML: Recipient SLD in HTML class | Sublime Security | 5mo ago Sep 23rd, 2025 | /feeds/core/detection-rules/body-html-recipient-sld-in-html-class-d395e41d | |
Brand impersonation: AARP | Sublime Security | 3mo ago Dec 1st, 2025 | /feeds/core/detection-rules/brand-impersonation-aarp-561a7f87 | |
Brand impersonation: Adobe Sign with suspicious indicators | Sublime Security | 2mo ago Jan 8th, 2026 | /feeds/core/detection-rules/brand-impersonation-adobe-sign-with-suspicious-indicators-704d143a | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 3mo ago Nov 24th, 2025 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand impersonation: ADP | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b | |
Brand impersonation: AliExpress | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/brand-impersonation-aliexpress-b14703d8 | |
Brand impersonation: Amazon | Sublime Security | 25d ago Feb 13th, 2026 | /feeds/core/detection-rules/brand-impersonation-amazon-13fc967d | |
Brand impersonation: Amazon Web Services (AWS) | Sublime Security | 5mo ago Oct 10th, 2025 | /feeds/core/detection-rules/brand-impersonation-amazon-web-services-aws-31de94e0 | |
Brand impersonation: Amazon with suspicious attachment | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9 | |
Brand impersonation: American Express (AMEX) | Sublime Security | 21d ago Feb 17th, 2026 | /feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9 | |
Brand impersonation: Apple | Sublime Security | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2 | |
Brand impersonation: Aquent | Sublime Security | 5mo ago Oct 9th, 2025 | /feeds/core/detection-rules/brand-impersonation-aquent-5074459c | |
Brand impersonation: Aramco | Sublime Security | 1mo ago Jan 28th, 2026 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand impersonation: AuthentiSign | Sublime Security | 1mo ago Jan 21st, 2026 | /feeds/core/detection-rules/brand-impersonation-authentisign-445a8c8b | |
Brand impersonation: Bank of America | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1 | |
Brand impersonation: Barracuda Networks | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb | |
Brand impersonation: Binance | Sublime Security | 6mo ago Sep 3rd, 2025 | /feeds/core/detection-rules/brand-impersonation-binance-c3302a76 | |
Brand impersonation: Blockchain[.]com | Sublime Security | 1mo ago Jan 21st, 2026 | /feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555 | |
Brand impersonation: Booking.com | Sublime Security | 4mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/brand-impersonation-bookingcom-d1d8882f | |
Brand impersonation: Box file sharing service | Sublime Security | 5mo ago Sep 23rd, 2025 | /feeds/core/detection-rules/brand-impersonation-box-file-sharing-service-03da310c | |
Brand impersonation: Capital One | Sublime Security | 3mo ago Nov 17th, 2025 | /feeds/core/detection-rules/brand-impersonation-capital-one-d53848e4 | |
Brand impersonation: Charles Schwab | Sublime Security | 6mo ago Sep 3rd, 2025 | /feeds/core/detection-rules/brand-impersonation-charles-schwab-7abde595 | |
Brand impersonation: Chase Bank | Sublime Security | 8d ago Mar 2nd, 2026 | /feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7 | |
Brand impersonation: Chase bank with credential phishing indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856 | |
Brand impersonation: Coinbase | Sublime Security | 4mo ago Nov 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-coinbase-3dca757a | |
Brand impersonation: Dashlane | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/brand-impersonation-dashlane-9e400937 | |
Brand impersonation: DHL | Sublime Security | 3mo ago Dec 1st, 2025 | /feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0 | |
Brand impersonation: DigitalOcean | Sublime Security | 5mo ago Sep 18th, 2025 | /feeds/core/detection-rules/brand-impersonation-digitalocean-7f2f0e97 | |
Brand impersonation: Discord notification | Sublime Security | 4mo ago Oct 23rd, 2025 | /feeds/core/detection-rules/brand-impersonation-discord-notification-97007826 | |