Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Sep 13th, 2024
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD | Sublime Security | 3 months ago Jun 3rd, 2024 | /feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373 | |
AnonymousFox Indicators | Sublime Security | 2 months ago Jul 19th, 2024 | /feeds/core/detection-rules/anonymousfox-indicators-2506206e | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 8 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 8 months ago Jan 22nd, 2024 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f | |
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail | Sublime Security | 8 months ago Jan 8th, 2024 | /feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151 | |
BEC/Fraud: Romance Scam | Sublime Security | 10 months ago Nov 23rd, 2023 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC/Fraud: Scam Lure with freemail pivot | Sublime Security | 3 months ago Jun 3rd, 2024 | /feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f | |
BEC with unusual Reply-to or Return-path mismatch | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Brand impersonation: Aramco | Sublime Security | 3 months ago Jun 20th, 2024 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand Impersonation: Mailgun | Sublime Security | 2 days ago Sep 13th, 2024 | /feeds/core/detection-rules/brand-impersonation-mailgun-59cc84e6 | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 6 months ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Business Email Compromise (BEC) attempt from unsolicited sender | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-unsolicited-sender-57eccc45 | |
Business Email Compromise (BEC) attempt from untrusted sender | Sublime Security | 3 months ago Jun 24th, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-96d4c35a | |
Business Email Compromise (BEC) attempt with masked recipients and reply-to mismatch (unsolicited) | Sublime Security | 7 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-with-masked-recipients-and-reply-to-mismatch-unsolicited-682191bf | |
Business Email Compromise (BEC) with request for mobile number | Sublime Security | 17 days ago Aug 29th, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-with-request-for-mobile-number-514ffd68 | |
COVID-19 themed fraud with sender and reply-to mismatch | Sublime Security | 3 months ago Jun 13th, 2024 | /feeds/core/detection-rules/covid-19-themed-fraud-with-sender-and-reply-to-mismatch-a16480ef | |
Employee Impersonation: Payroll Fraud | Sublime Security | 5 months ago Apr 11th, 2024 | /feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85 | |
Employee impersonation with urgent request (untrusted sender) | Sublime Security | 2 months ago Jul 17th, 2024 | /feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146 | |
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender | Sublime Security | 3 days ago Sep 12th, 2024 | /feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213 | |
Fake Message Thread - Untrusted Sender with a Mismatched Freemail Reply-To Address | Sublime Security | 4 days ago Sep 11th, 2024 | /feeds/core/detection-rules/fake-message-thread-untrusted-sender-with-a-mismatched-freemail-reply-to-address-ca64e819 | |
Fake request for tax preparation | Sublime Security | 2 months ago Jul 12th, 2024 | /feeds/core/detection-rules/fake-request-for-tax-preparation-e36b85b3 | |
Fake thread with suspicious indicators | Sublime Security | a month ago Aug 7th, 2024 | /feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57 | |
File sharing link with a suspicious subject | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/file-sharing-link-with-a-suspicious-subject-a306e2a6 | |
Fraudulent E-commerce Operators | Sublime Security | 5 days ago Sep 10th, 2024 | /feeds/core/detection-rules/fraudulent-e-commerce-operators-3776a6fc | |
Headers: iOS/iPadOS mailer with invalid build number | Sublime Security | a year ago Aug 17th, 2023 | /feeds/core/detection-rules/headers-iosipados-mailer-with-invalid-build-number-e0b74072 | |
Honorific greeting BEC attempt with sender and reply-to mismatch | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/honorific-greeting-bec-attempt-with-sender-and-reply-to-mismatch-aa41b1b7 | |
Impersonation: Human Resources with link or attachment and engaging language | Sublime Security | a month ago Aug 12th, 2024 | /feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8 | |
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 4 months ago May 21st, 2024 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Job Scam (unsolicited sender) | Sublime Security | 3 months ago Jun 24th, 2024 | /feeds/core/detection-rules/job-scam-unsolicited-sender-a37dc32d | |
Link: Invoice or receipt from freemail sender with customer service number | @vector_sec | a year ago Oct 4th, 2023 | /feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d | |
Lookalike sender domain (untrusted sender) | Sublime Security | 3 months ago Jun 3rd, 2024 | /feeds/core/detection-rules/lookalike-sender-domain-untrusted-sender-67721993 | |
Microsoft Infrastructure Abuse With Suspicious Patterns | Sublime Security | 11 days ago Sep 4th, 2024 | /feeds/core/detection-rules/microsoft-infrastructure-abuse-with-suspicious-patterns-cfe8e804 | |
PayPal Invoice Abuse | Sublime Security | 6 days ago Sep 9th, 2024 | /feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4 | |
PenPal Scam | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/penpal-scam-a4bdfa17 | |
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern | Sublime Security | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329 | |
Russia return-path TLD (untrusted sender) | Sublime Security | 7 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/russia-return-path-tld-untrusted-sender-588b3954 | |
Stripe Invoice Abuse | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/stripe-invoice-abuse-90162d16 | |
Suspicious newly registered reply-to domain with engaging financial or urgent language | Sublime Security | a month ago Aug 2nd, 2024 | /feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3 | |
VIP / Executive impersonation in subject (untrusted) | Sublime Security | 3 months ago Jun 11th, 2024 | /feeds/core/detection-rules/vip-executive-impersonation-in-subject-untrusted-0a641fe5 | |
VIP / Executive impersonation (untrusted) | Sublime Security | 4 months ago May 7th, 2024 | /feeds/core/detection-rules/vip-executive-impersonation-untrusted-e42c84b7 | |
VIP impersonation: Fake thread with display name match, email mismatch | Sublime Security | 2 months ago Jul 29th, 2024 | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
VIP impersonation with invoicing request | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/vip-impersonation-with-invoicing-request-a60f89a0 | |
VIP impersonation with urgent request (untrusted sender) | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/vip-impersonation-with-urgent-request-untrusted-sender-0dd1fa60 |
46 Rules