Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Feb 14th, 2025
Rule Name & Severity | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD | Sublime Security | 3mo ago Nov 5th, 2024 | /feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373 | |
AnonymousFox Indicators | Sublime Security | 7mo ago Jul 19th, 2024 | /feeds/core/detection-rules/anonymousfox-indicators-2506206e | |
Attachment: Link to Doubleclick.net Open Redirect | Sublime Security | 3mo ago Oct 24th, 2024 | /feeds/core/detection-rules/attachment-link-to-doubleclicknet-open-redirect-506c16cc | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 1y ago Jan 22nd, 2024 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 9mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f | |
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail | Sublime Security | 1y ago Jan 8th, 2024 | /feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151 | |
BEC/Fraud: Romance Scam | Sublime Security | 2y ago Nov 23rd, 2023 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC/Fraud: Scam Lure with freemail pivot | Sublime Security | 8mo ago Jun 3rd, 2024 | /feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f | |
BEC/Fraud - Student loan callback phishing | Sublime Security | 4mo ago Oct 4th, 2024 | /feeds/core/detection-rules/becfraud-student-loan-callback-phishing-a71f82c3 | |
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns | Sublime Security | 1mo ago Jan 16th, 2025 | /feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0 | |
BEC with unusual Reply-to or Return-path mismatch | Sublime Security | 5mo ago Aug 27th, 2024 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Brand impersonation: Aramco | Sublime Security | 4mo ago Oct 10th, 2024 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand impersonation: Enbridge | Sublime Security | 24d ago Jan 24th, 2025 | /feeds/core/detection-rules/brand-impersonation-enbridge-203a6a28 | |
Brand impersonation: Interac | Sublime Security | 5mo ago Sep 16th, 2024 | /feeds/core/detection-rules/brand-impersonation-interac-50a883dc | |
Brand Impersonation: Mailgun | Sublime Security | 3mo ago Nov 15th, 2024 | /feeds/core/detection-rules/brand-impersonation-mailgun-59cc84e6 | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 11mo ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Brand Impersonation: QuickBooks Notification From Intuit Themed Company Name | Sublime Security | 2mo ago Dec 16th, 2024 | /feeds/core/detection-rules/brand-impersonation-quickbooks-notification-from-intuit-themed-company-name-42058fc4 | |
Business Email Compromise (BEC) attempt from unsolicited sender | Sublime Security | 9mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-unsolicited-sender-57eccc45 | |
Business Email Compromise (BEC) attempt from untrusted sender | Sublime Security | 7mo ago Jun 24th, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-96d4c35a | |
Business Email Compromise (BEC) attempt from untrusted sender (French/Français) | Sublime Security | 3mo ago Nov 14th, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-frenchfrancais-b7d1e096 | |
Business Email Compromise (BEC) attempt with masked recipients and reply-to mismatch (unsolicited) | Sublime Security | 11mo ago Feb 23rd, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-with-masked-recipients-and-reply-to-mismatch-unsolicited-682191bf | |
Business Email Compromise (BEC) with request for mobile number | Sublime Security | 5mo ago Aug 29th, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-with-request-for-mobile-number-514ffd68 | |
COVID-19 themed fraud with sender and reply-to mismatch | Sublime Security | 8mo ago Jun 13th, 2024 | /feeds/core/detection-rules/covid-19-themed-fraud-with-sender-and-reply-to-mismatch-a16480ef | |
Employee Impersonation: Payroll Fraud | Sublime Security | 2mo ago Dec 16th, 2024 | /feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85 | |
Employee impersonation with urgent request (untrusted sender) | Sublime Security | 7mo ago Jul 17th, 2024 | /feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146 | |
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender | Sublime Security | 14d ago Feb 3rd, 2025 | /feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213 | |
Fake Message Thread - Untrusted Sender with a Mismatched Freemail Reply-To Address | Sublime Security | 1mo ago Jan 9th, 2025 | /feeds/core/detection-rules/fake-message-thread-untrusted-sender-with-a-mismatched-freemail-reply-to-address-ca64e819 | |
Fake request for tax preparation | Sublime Security | 7mo ago Jul 12th, 2024 | /feeds/core/detection-rules/fake-request-for-tax-preparation-e36b85b3 | |
Fake thread with suspicious indicators | Sublime Security | 6mo ago Aug 7th, 2024 | /feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57 | |
File sharing link with a suspicious subject | Sublime Security | 9mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/file-sharing-link-with-a-suspicious-subject-a306e2a6 | |
Fraudulent E-commerce Operators | Sublime Security | 2mo ago Nov 20th, 2024 | /feeds/core/detection-rules/fraudulent-e-commerce-operators-3776a6fc | |
Headers: iOS/iPadOS mailer with invalid build number | Sublime Security | 2y ago Aug 17th, 2023 | /feeds/core/detection-rules/headers-iosipados-mailer-with-invalid-build-number-e0b74072 | |
Honorific greeting BEC attempt with sender and reply-to mismatch | Sublime Security | 5mo ago Aug 27th, 2024 | /feeds/core/detection-rules/honorific-greeting-bec-attempt-with-sender-and-reply-to-mismatch-aa41b1b7 | |
HR Impersonation via E-sign Agreement Comment | Sublime Security | 3mo ago Nov 15th, 2024 | /feeds/core/detection-rules/hr-impersonation-via-e-sign-agreement-comment-796c6f0f | |
Impersonation: Human Resources with link or attachment and engaging language | Sublime Security | 3d ago Feb 14th, 2025 | /feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8 | |
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 14d ago Feb 3rd, 2025 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Job Scam (unsolicited sender) | Sublime Security | 2mo ago Dec 5th, 2024 | /feeds/core/detection-rules/job-scam-unsolicited-sender-a37dc32d | |
Link: Invoice or receipt from freemail sender with customer service number | @vector_sec | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d | |
Lookalike sender domain (untrusted sender) | Sublime Security | 8mo ago Jun 3rd, 2024 | /feeds/core/detection-rules/lookalike-sender-domain-untrusted-sender-67721993 | |
Microsoft Infrastructure Abuse With Suspicious Patterns | Sublime Security | 1mo ago Jan 7th, 2025 | /feeds/core/detection-rules/microsoft-infrastructure-abuse-with-suspicious-patterns-cfe8e804 | |