Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Suspicious recipients pattern with NLU credential theft indicators | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-nlu-credential-theft-indicators-8e121c3e | |
Suspicious sender display name with long procedurally generated text blob | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-sender-display-name-with-long-procedurally-generated-text-blob-2a40b043 | |
Suspicious subject with long procedurally generated text blob | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d | |
Truth Social infrastructure abuse via link redirect | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/truth-social-infrastructure-abuse-via-link-redirect-aaaa30a8 | |
Twitter infrastructure abuse via link shortener | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/twitter-infrastructure-abuse-via-link-shortener-99ca165e | |
Unicode QR code | Sublime Security | 5mo ago Aug 25th, 2025 | /feeds/core/detection-rules/unicode-qr-code-1a0bdd25 | |
Unusually long local part from untrusted sender address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/unusually-long-local-part-from-untrusted-sender-address-91a9cd45 | |
URI protocol handler: search-ms | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/uri-protocol-handler-search-ms-ee27d9c0 | |
URL with Unicode U+2044 (⁄) or U+2215 (∕) characters | @delivr_to | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/url-with-unicode-u2044-or-u2215-characters-12069f5b | |
Vendor compromise: GovDelivery message with suspicious link | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172 | |
Venmo payment request abuse | Sublime Security | 4mo ago Sep 5th, 2025 | /feeds/core/detection-rules/venmo-payment-request-abuse-4450639a | |
VIP impersonation: Fake thread with display name match, email mismatch | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 2mo ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
Xero infrastructure abuse | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/xero-infrastructure-abuse-918c4bd3 |