Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Sep 13th, 2024
Feed Source
GitHub
Rule Name & Severity
Author
Last Updated
Labels
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD
Sublime Security
3 months ago
Jun 3rd, 2024
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373
AnonymousFox Indicators
Sublime Security
2 months ago
Jul 19th, 2024
/feeds/core/detection-rules/anonymousfox-indicators-2506206e
Attachment: PDF file with Link to Fake Bitcoin Exchange
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Attachment: RFP/RFQ impersonating government entities
Sublime Security
8 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
BEC: Employee impersonation with subject manipulation
Sublime Security
8 months ago
Jan 22nd, 2024
/feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail
Sublime Security
8 months ago
Jan 8th, 2024
/feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151
BEC/Fraud: Romance Scam
Sublime Security
10 months ago
Nov 23rd, 2023
/feeds/core/detection-rules/becfraud-romance-scam-0243cdaa
BEC/Fraud: Scam Lure with freemail pivot
Sublime Security
3 months ago
Jun 3rd, 2024
/feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f
BEC with unusual Reply-to or Return-path mismatch
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df
Brand impersonation: Aramco
Sublime Security
3 months ago
Jun 20th, 2024
/feeds/core/detection-rules/brand-impersonation-aramco-96e87699
Brand Impersonation: Mailgun
Sublime Security
2 days ago
Sep 13th, 2024
/feeds/core/detection-rules/brand-impersonation-mailgun-59cc84e6
Brand impersonation: Microsoft logo or suspicious language with open redirect
Sublime Security
6 months ago
Mar 7th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8
Business Email Compromise (BEC) attempt from unsolicited sender
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/business-email-compromise-bec-attempt-from-unsolicited-sender-57eccc45
Business Email Compromise (BEC) attempt from untrusted sender
Sublime Security
3 months ago
Jun 24th, 2024
/feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-96d4c35a
Business Email Compromise (BEC) attempt with masked recipients and reply-to mismatch (unsolicited)
Sublime Security
7 months ago
Feb 23rd, 2024
/feeds/core/detection-rules/business-email-compromise-bec-attempt-with-masked-recipients-and-reply-to-mismatch-unsolicited-682191bf
Business Email Compromise (BEC) with request for mobile number
Sublime Security
17 days ago
Aug 29th, 2024
/feeds/core/detection-rules/business-email-compromise-bec-with-request-for-mobile-number-514ffd68
COVID-19 themed fraud with sender and reply-to mismatch
Sublime Security
3 months ago
Jun 13th, 2024
/feeds/core/detection-rules/covid-19-themed-fraud-with-sender-and-reply-to-mismatch-a16480ef
Employee Impersonation: Payroll Fraud
Sublime Security
5 months ago
Apr 11th, 2024
/feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85
Employee impersonation with urgent request (untrusted sender)
Sublime Security
2 months ago
Jul 17th, 2024
/feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender
Sublime Security
3 days ago
Sep 12th, 2024
/feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213
Fake Message Thread - Untrusted Sender with a Mismatched Freemail Reply-To Address
Sublime Security
4 days ago
Sep 11th, 2024
/feeds/core/detection-rules/fake-message-thread-untrusted-sender-with-a-mismatched-freemail-reply-to-address-ca64e819
Fake request for tax preparation
Sublime Security
2 months ago
Jul 12th, 2024
/feeds/core/detection-rules/fake-request-for-tax-preparation-e36b85b3
Fake thread with suspicious indicators
Sublime Security
a month ago
Aug 7th, 2024
/feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57
File sharing link with a suspicious subject
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/file-sharing-link-with-a-suspicious-subject-a306e2a6
Fraudulent E-commerce Operators
Sublime Security
5 days ago
Sep 10th, 2024
/feeds/core/detection-rules/fraudulent-e-commerce-operators-3776a6fc
Headers: iOS/iPadOS mailer with invalid build number
Sublime Security
a year ago
Aug 17th, 2023
/feeds/core/detection-rules/headers-iosipados-mailer-with-invalid-build-number-e0b74072
Honorific greeting BEC attempt with sender and reply-to mismatch
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/honorific-greeting-bec-attempt-with-sender-and-reply-to-mismatch-aa41b1b7
Impersonation: Human Resources with link or attachment and engaging language
Sublime Security
a month ago
Aug 12th, 2024
/feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8
Impersonation: Suspected supplier impersonation with suspicious content
Sublime Security
4 months ago
May 21st, 2024
/feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce
Job Scam (unsolicited sender)
Sublime Security
3 months ago
Jun 24th, 2024
/feeds/core/detection-rules/job-scam-unsolicited-sender-a37dc32d
Link: Invoice or receipt from freemail sender with customer service number
@vector_sec
a year ago
Oct 4th, 2023
/feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d
Lookalike sender domain (untrusted sender)
Sublime Security
3 months ago
Jun 3rd, 2024
/feeds/core/detection-rules/lookalike-sender-domain-untrusted-sender-67721993
Microsoft Infrastructure Abuse With Suspicious Patterns
Sublime Security
11 days ago
Sep 4th, 2024
/feeds/core/detection-rules/microsoft-infrastructure-abuse-with-suspicious-patterns-cfe8e804
PayPal Invoice Abuse
Sublime Security
6 days ago
Sep 9th, 2024
/feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4
PenPal Scam
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/penpal-scam-a4bdfa17
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329
Russia return-path TLD (untrusted sender)
Sublime Security
7 months ago
Feb 23rd, 2024
/feeds/core/detection-rules/russia-return-path-tld-untrusted-sender-588b3954
Stripe Invoice Abuse
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/stripe-invoice-abuse-90162d16
Suspicious newly registered reply-to domain with engaging financial or urgent language
Sublime Security
a month ago
Aug 2nd, 2024
/feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3
VIP / Executive impersonation in subject (untrusted)
Sublime Security
3 months ago
Jun 11th, 2024
/feeds/core/detection-rules/vip-executive-impersonation-in-subject-untrusted-0a641fe5
VIP / Executive impersonation (untrusted)
Sublime Security
4 months ago
May 7th, 2024
/feeds/core/detection-rules/vip-executive-impersonation-untrusted-e42c84b7
VIP impersonation: Fake thread with display name match, email mismatch
Sublime Security
2 months ago
Jul 29th, 2024
/feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28
VIP Impersonation via Google Group relay with suspicious indicators
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b
VIP impersonation with invoicing request
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/vip-impersonation-with-invoicing-request-a60f89a0
VIP impersonation with urgent request (untrusted sender)
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/vip-impersonation-with-urgent-request-untrusted-sender-0dd1fa60
46 Rules