• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Feb 14th, 2025
Feed Source
GitHub
Attack Type is
Rule Name & Severity
Author
Last Updated
Labels
AnonymousFox Indicators
Sublime Security
7mo ago
Jul 19th, 2024
BEC/Fraud
Credential Phishing
Malware/Ransomware
Header analysis
Sender analysis
/feeds/core/detection-rules/anonymousfox-indicators-2506206e
Attachment: Adobe image lure in body or attachment with suspicious link
Sublime Security
10d ago
Feb 7th, 2025
/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Attachment: Any HTML file within archive (unsolicited)
Sublime Security
2y ago
Nov 14th, 2023
/feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c
Attachment: Archive containing HTML file with file scheme link
Sublime Security
11mo ago
Mar 7th, 2024
/feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9
Attachment: Decoy PDF Author (Julie P.)
Sublime Security
4mo ago
Oct 2nd, 2024
/feeds/core/detection-rules/attachment-decoy-pdf-author-julie-p-4324213a
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment
@ajpc500
2y ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b
Attachment: Dropbox image lure with no Dropbox domains in links
Sublime Security
1y ago
Jan 23rd, 2024
/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: EML containing a base64 encoded script
Sublime Security
1y ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445
Attachment: EML file contains HTML attachment with login portal indicators
Sublime Security
2y ago
Oct 19th, 2023
/feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158
Attachment: EML file with HTML attachment (unsolicited)
Sublime Security
1mo ago
Jan 14th, 2025
/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191
Attachment: EML file with IPFS links
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7
Attachment: EML with link to credential phishing page
Sublime Security
5mo ago
Sep 13th, 2024
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: EML with Suspicious Indicators
Sublime Security
2mo ago
Nov 19th, 2024
/feeds/core/detection-rules/attachment-eml-with-suspicious-indicators-deb5d08d
Attachment: Encrypted PDF With Credential Theft Body
Sublime Security
4mo ago
Oct 10th, 2024
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Excel Web Query File (IQY)
@jkcoote
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5
Attachment: Fake attachment image lure
Sublime Security
7mo ago
Jul 19th, 2024
/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake scan-to-email
Sublime Security
3mo ago
Oct 28th, 2024
/feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1
Attachment: Fake secure message and suspicious indicators
Sublime Security
5mo ago
Sep 16th, 2024
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: HTML Attachment with Javascript location
@vector_sec
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295
Attachment: HTML Attachment with Login Portal Indicators
@ajpc500
9mo ago
Apr 23rd, 2024
/feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7
Attachment: HTML file contains exclusively Javascript
Sublime Security
1y ago
Feb 1st, 2024
/feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168
Attachment: HTML file with excessive 'const' declarations and abnormally long timeouts
Sublime Security
14d ago
Feb 3rd, 2025
/feeds/core/detection-rules/attachment-html-file-with-excessive-const-declarations-and-abnormally-long-timeouts-66f8a07a
Attachment: HTML file with excessive padding and suspicious patterns
Sublime Security
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e
Attachment: HTML file with reference to recipient and suspicious patterns
Sublime Security
9mo ago
May 3rd, 2024
/feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d
Attachment: HTML smuggling 'body onload' linking to suspicious destination
Sublime Security
2y ago
Sep 22nd, 2023
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text
Sublime Security
2y ago
Sep 25th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d
Attachment: HTML Smuggling Microsoft Sign In
Sublime Security
1y ago
Jan 31st, 2024
/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML smuggling - QR Code with suspicious links
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: HTML smuggling with atob and high entropy
Sublime Security
5mo ago
Aug 29th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11
Attachment: HTML smuggling with auto-downloaded file
Sublime Security
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5
Attachment: HTML smuggling with base64 encoded JavaScript function
Sublime Security
2y ago
Aug 27th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec
Attachment: HTML smuggling with concatenation obfuscation
@vector_sec
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346
Attachment: HTML smuggling with decimal encoding
Sublime Security
9mo ago
Apr 23rd, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4
Attachment: HTML smuggling with embedded base64-encoded ISO
Sublime Security
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d
Attachment: HTML smuggling with eval and atob
Sublime Security
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2
Attachment: HTML smuggling with excessive line break obfuscation
Sublime Security
2y ago
Sep 8th, 2023