Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 16th, 2024
Feed Source
Attack Type is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
AnonymousFox Indicators | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/anonymousfox-indicators-2506206e | |
Attachment: Any HTML file within archive (unsolicited) | Sublime Security | 6 months ago Nov 14th, 2023 | /feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c | |
Attachment: Archive containing HTML file with file scheme link | Sublime Security | 2 months ago Mar 7th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment | @ajpc500 | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b | |
Attachment: Dropbox image lure with no Dropbox domains in links | Sublime Security | 4 months ago Jan 23rd, 2024 | /feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d | |
Attachment: EML containing a base64 encoded script | Sublime Security | 4 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: EML file contains HTML attachment with login portal indicators | Sublime Security | 7 months ago Oct 19th, 2023 | /feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158 | |
Attachment: EML file with HTML attachment (unsolicited) | Sublime Security | 6 months ago Nov 14th, 2023 | /feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191 | |
Attachment: EML file with IPFS links | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7 | |
Attachment: EML with link to credential phishing page | Sublime Security | 12 days ago May 6th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Excel Web Query File (IQY) | @jkcoote | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5 | |
Attachment: Fake attachment image lure | Sublime Security | 24 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285 | |
Attachment: Fake scan-to-email | Sublime Security | 4 days ago May 14th, 2024 | /feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1 | |
Attachment: Fake secure message and suspicious indicators | Sublime Security | 16 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94 | |
Attachment: HTML Attachment with Javascript location | @vector_sec | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295 | |
Attachment: HTML Attachment with Login Portal Indicators | @ajpc500 | 24 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Attachment: HTML file contains exclusively Javascript | Sublime Security | 4 months ago Feb 1st, 2024 | /feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168 | |
Attachment: HTML file with excessive padding and suspicious patterns | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e | |
Attachment: HTML file with reference to recipient and suspicious patterns | Sublime Security | 15 days ago May 3rd, 2024 | /feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | 8 months ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text | Sublime Security | 8 months ago Sep 25th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 4 months ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 24 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: HTML smuggling with base64 encoded JavaScript function | Sublime Security | 9 months ago Aug 27th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec | |
Attachment: HTML smuggling with concatenation obfuscation | @vector_sec | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346 | |
Attachment: HTML smuggling with decimal encoding | Sublime Security | 24 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4 | |
Attachment: HTML smuggling with embedded base64-encoded ISO | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d | |
Attachment: HTML smuggling with eval and atob | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2 | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | 8 months ago Sep 8th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with fromCharCode and other signals | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef | |
Attachment: HTML smuggling with hex strings | @ajpc500 | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6 | |
Attachment: HTML smuggling with raw array buffer | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: HTML smuggling with setTimeout | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32 | |
Attachment: HTML smuggling with unescape | Sublime Security | 8 months ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: HTML with obfuscation and recipient's email in JavaScript strings | Sublime Security | 3 months ago Feb 7th, 2024 | /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b | |
Attachment: Link file with UNC path | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-link-file-with-unc-path-3b7ee0fb | |
Attachment: Microsoft 365 Credential Phishing | Sublime Security | 24 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229 | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 16 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: Office file contains OLE relationship to credential phishing page | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0 | |
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited) | Sublime Security | 4 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e | |
Attachment: PDF with suspicious language and redirect to suspicious file type | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-suspicious-language-and-redirect-to-suspicious-file-type-adda3c3f | |
Attachment: QR code with credential phishing indicators | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: RDP Connection file | @ajpc500 | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-rdp-connection-file-2409a422 | |
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender | Sublime Security | a month ago Apr 3rd, 2024 | /feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7 | |
Attachment: Small text file with link containing recipient email address | Sublime Security | 4 days ago May 14th, 2024 | /feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d |