• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Sep 13th, 2024
Feed Source
GitHub
Attack Type is
Rule Name & Severity
Author
Last Updated
Labels
AnonymousFox Indicators
Sublime Security
2 months ago
Jul 19th, 2024
BEC/Fraud
Credential Phishing
Malware/Ransomware
Header analysis
Sender analysis
/feeds/core/detection-rules/anonymousfox-indicators-2506206e
Attachment: Any HTML file within archive (unsolicited)
Sublime Security
10 months ago
Nov 14th, 2023
/feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c
Attachment: Archive containing HTML file with file scheme link
Sublime Security
6 months ago
Mar 7th, 2024
/feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9
Attachment: Decoy PDF Author (Julie P.)
Sublime Security
a month ago
Aug 13th, 2024
/feeds/core/detection-rules/attachment-decoy-pdf-author-julie-p-4324213a
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment
@ajpc500
a year ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b
Attachment: Dropbox image lure with no Dropbox domains in links
Sublime Security
8 months ago
Jan 23rd, 2024
/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: EML containing a base64 encoded script
Sublime Security
8 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445
Attachment: EML file contains HTML attachment with login portal indicators
Sublime Security
a year ago
Oct 19th, 2023
/feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158
Attachment: EML file with HTML attachment (unsolicited)
Sublime Security
3 months ago
Jun 6th, 2024
/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191
Attachment: EML file with IPFS links
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7
Attachment: EML with link to credential phishing page
Sublime Security
2 days ago
Sep 13th, 2024
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Encrypted PDF With Credential Theft Body
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Excel Web Query File (IQY)
@jkcoote
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5
Attachment: Fake attachment image lure
Sublime Security
2 months ago
Jul 19th, 2024
/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake scan-to-email
Sublime Security
4 months ago
May 14th, 2024
/feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1
Attachment: Fake secure message and suspicious indicators
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: HTML Attachment with Javascript location
@vector_sec
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295
Attachment: HTML Attachment with Login Portal Indicators
@ajpc500
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7
Attachment: HTML file contains exclusively Javascript
Sublime Security
7 months ago
Feb 1st, 2024
/feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168
Attachment: HTML file with excessive padding and suspicious patterns
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e
Attachment: HTML file with reference to recipient and suspicious patterns
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d
Attachment: HTML smuggling 'body onload' linking to suspicious destination
Sublime Security
a year ago
Sep 22nd, 2023
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text
Sublime Security
a year ago
Sep 25th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d
Attachment: HTML Smuggling Microsoft Sign In
Sublime Security
8 months ago
Jan 31st, 2024
/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML smuggling - QR Code with suspicious links
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: HTML smuggling with atob and high entropy
Sublime Security
17 days ago
Aug 29th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11
Attachment: HTML smuggling with auto-downloaded file
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5
Attachment: HTML smuggling with base64 encoded JavaScript function
Sublime Security
a year ago
Aug 27th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec
Attachment: HTML smuggling with concatenation obfuscation
@vector_sec
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346
Attachment: HTML smuggling with decimal encoding
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4
Attachment: HTML smuggling with embedded base64-encoded ISO
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d
Attachment: HTML smuggling with eval and atob
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2
Attachment: HTML smuggling with excessive line break obfuscation
Sublime Security
a year ago
Sep 8th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d
Attachment: HTML smuggling with fromCharCode and other signals
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef
Attachment: HTML smuggling with hex strings
@ajpc500
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6
Attachment: HTML smuggling with raw array buffer
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc
Attachment: HTML smuggling with RC4 decryption
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765
Attachment: HTML smuggling with ROT13
@Kyle_Parrish_
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf
Attachment: HTML smuggling with setTimeout
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32
Attachment: HTML smuggling with unescape
Sublime Security
a year ago
Sep 22nd, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36
Attachment: HTML with Hidden Body
Sublime Security
3 months ago
Jun 24th, 2024
/feeds/core/detection-rules/attachment-html-with-hidden-body-b059a781
Attachment: HTML with JavaScript Functions for HTTP requests
Sublime Security
2 months ago
Jul 3rd, 2024
/feeds/core/detection-rules/attachment-html-with-javascript-functions-for-http-requests-01e679fd
Attachment: HTML with obfuscation and recipient's email in JavaScript strings
Sublime Security
7 months ago
Feb 7th, 2024