Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Adobe branded PDF file linking to a password-protected file from untrusted sender | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469 | |
Attachment: Base64 encoded bash command in filename | @vector_sec | 4mo ago Sep 5th, 2025 | /feeds/core/detection-rules/attachment-base64-encoded-bash-command-in-filename-819f69c8 | |
Attachment: EML with Encrypted ZIP | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-eml-with-encrypted-zip-6897a8f7 | |
Attachment: Encrypted Microsoft Office file (unsolicited) | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953 | |
Attachment: Encrypted PDF with credential theft body | Sublime Security | 1mo ago Dec 1st, 2025 | /feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a | |
Attachment: Encrypted zip file with payment-related lure | Sublime Security | 1mo ago Nov 25th, 2025 | /feeds/core/detection-rules/attachment-encrypted-zip-file-with-payment-related-lure-5d1eb7af | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: Password-protected PDF with fake document indicators | Sublime Security | 2d ago Jan 21st, 2026 | /feeds/core/detection-rules/attachment-password-protected-pdf-with-fake-document-indicators-b45e4440 | |
Attachment: PDF with recipient email in link | Sublime Security | 2d ago Jan 21st, 2026 | /feeds/core/detection-rules/attachment-pdf-with-recipient-email-in-link-0399d08f | |
Attachment with encrypted zip (unsolicited) | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-encrypted-zip-unsolicited-697c87ae | |
Attachment with unscannable encrypted zip (unsolicited) | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-unscannable-encrypted-zip-unsolicited-529d4a9a | |
Encrypted Microsoft Office files from untrusted sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/encrypted-microsoft-office-files-from-untrusted-sender-eb7b26e7 | |
Link: Base64 encoded recipient address in URL fragment with subject hash | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-base64-encoded-recipient-address-in-url-fragment-with-subject-hash-eb9694b8 | |
Link: Excessive URL rewrite encoders | Sublime Security | 2d ago Jan 21st, 2026 | /feeds/core/detection-rules/link-excessive-url-rewrite-encoders-b88e53a7 | |
Link to auto-downloaded disk image in encrypted zip | @ajpc500 | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-downloaded-disk-image-in-encrypted-zip-b50f0cb1 | |
Link to auto-downloaded DMG in encrypted zip | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-encrypted-zip-43af98d3 | |
Link to auto-download of a suspicious file type (unsolicited) | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152 |