• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Sep 13th, 2024
Feed Source
GitHub
Attack Type is
Rule Name & Severity
Author
Last Updated
Labels
Adobe branded PDF file linking to a password-protected file from untrusted sender
Sublime Security
7 months ago
Feb 23rd, 2024
Malware/Ransomware
Encryption
Evasion
Impersonation: Brand
PDF
Archive analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
AnonymousFox Indicators
Sublime Security
2 months ago
Jul 19th, 2024
/feeds/core/detection-rules/anonymousfox-indicators-2506206e
Attachment: Adobe image lure in body or attachment with suspicious link
Sublime Security
a month ago
Aug 7th, 2024
/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Attachment: Any HTML file within archive (unsolicited)
Sublime Security
10 months ago
Nov 14th, 2023
/feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c
Attachment: Archive containing disallowed file type
Sublime Security
8 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-archive-containing-disallowed-file-type-3859e3e7
Attachment: Archive contains DLL-loading macro
Sublime Security
9 months ago
Dec 28th, 2023
/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: Archive with embedded CHM file
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-archive-with-embedded-chm-file-5280e94d
Attachment: Archive with embedded EXE file
Sublime Security
7 months ago
Feb 27th, 2024
/feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86
Attachment: Archive with pdf, txt and wsf files
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-archive-with-pdf-txt-and-wsf-files-16b2e239
Attachment: .csproj with suspicious commands
Sublime Security
a year ago
Aug 17th, 2023
/feeds/core/detection-rules/attachment-csproj-with-suspicious-commands-fe45b81d
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
Sublime Security
9 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f
Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability
Sublime Security
9 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca
Attachment: DocX embedded Binary
Sublime Security
6 months ago
Mar 26th, 2024
/feeds/core/detection-rules/attachment-docx-embedded-binary-feff0241
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment
@ajpc500
a year ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b
Attachment: EICAR String Present
@ajpc500
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-eicar-string-present-592e2319
Attachment: Embedded Javascript in SVG file (unsolicited)
Sublime Security
a year ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-unsolicited-f70293bc
Attachment: Embedded VBScript in MHT file (unsolicited)
Sublime Security
a year ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6
Attachment: EML file with HTML attachment (unsolicited)
Sublime Security
3 months ago
Jun 6th, 2024
/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191
Attachment: Emotet heavily padded doc in zip file
Sublime Security
a year ago
Oct 4th, 2023
/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: Encrypted Microsoft Office file (unsolicited)
Sublime Security
9 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953
Attachment: Excel Web Query File (IQY)
@jkcoote
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5
Attachment: Fake attachment image lure
Sublime Security
2 months ago
Jul 19th, 2024
/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake Slack installer
Sublime Security
10 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer
Sublime Security
10 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: File execution via Javascript
Sublime Security
9 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1
Attachment: Filename Containing Unicode Right-to-Left Override Character
@vector_sec
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-filename-containing-unicode-right-to-left-override-character-357c57a1
Attachment: HTML Attachment with Javascript location
@vector_sec
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295
Attachment: HTML file contains exclusively Javascript
Sublime Security
7 months ago
Feb 1st, 2024
/feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168
Attachment: HTML file with excessive padding and suspicious patterns
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e
Attachment: HTML smuggling 'body onload' linking to suspicious destination
Sublime Security
a year ago
Sep 22nd, 2023
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text
Sublime Security
a year ago
Sep 25th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d
Attachment: HTML smuggling with atob and high entropy
Sublime Security
17 days ago
Aug 29th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11
Attachment: HTML smuggling with auto-downloaded file
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5
Attachment: HTML smuggling with base64 encoded JavaScript function
Sublime Security
a year ago
Aug 27th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec
Attachment: HTML smuggling with concatenation obfuscation
@vector_sec
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346
Attachment: HTML smuggling with decimal encoding
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4
Attachment: HTML smuggling with embedded base64-encoded executable
Sublime Security
6 months ago
Mar 25th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527
Attachment: HTML smuggling with embedded base64-encoded ISO
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d
Attachment: HTML smuggling with embedded base64 streamed file download
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2
Attachment: HTML smuggling with eval and atob
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2
Attachment: HTML smuggling with excessive line break obfuscation
Sublime Security
a year ago
Sep 8th, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440
Attachment: HTML smuggling with fromCharCode and other signals
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef
Attachment: HTML smuggling with hex strings
@ajpc500
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6
Attachment: HTML smuggling with high entropy and other signals
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288
Attachment: HTML smuggling with raw array buffer
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc
Attachment: HTML smuggling with RC4 decryption
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765
Attachment: HTML smuggling with ROT13
@Kyle_Parrish_
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf
Attachment: HTML smuggling with setTimeout
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32
Attachment: HTML smuggling with unescape
Sublime Security
a year ago
Sep 22nd, 2023