Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Apr 28th, 2025
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Attachment: Calendar invite with suspicious link leading to an open redirect | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-calendar-invite-with-suspicious-link-leading-to-an-open-redirect-5d6294c7 | |
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns | Sublime Security | 1mo ago Mar 10th, 2025 | /feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0 | |
Brand impersonation: Hulu | Sublime Security | 2mo ago Feb 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-hulu-6833de58 | |
Brand impersonation: KnowBe4 | Sublime Security | 5mo ago Nov 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-knowbe4-7c798386 | |
Brand Impersonation: SendGrid | Sublime Security | 15d ago Apr 15th, 2025 | /feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f | |
Brand Impersonation: SiriusXM | Sublime Security | 3mo ago Jan 9th, 2025 | /feeds/core/detection-rules/brand-impersonation-siriusxm-70eb3792 | |
Brand Impersonation: Vanguard | Sublime Security | 19d ago Apr 11th, 2025 | /feeds/core/detection-rules/brand-impersonation-vanguard-3bd048fe | |
Brand Impersonation: WeTransfer | Sublime Security | 1mo ago Mar 12th, 2025 | /feeds/core/detection-rules/brand-impersonation-wetransfer-e37885ad | |
Fake shipping notification with link to free file hosting | Sublime Security | 9mo ago Jul 10th, 2024 | /feeds/core/detection-rules/fake-shipping-notification-with-link-to-free-file-hosting-6d3fe05e | |
Fake shipping notification with suspicious language | Sublime Security | 12mo ago May 3rd, 2024 | /feeds/core/detection-rules/fake-shipping-notification-with-suspicious-language-67748b0a | |
Fake thread with suspicious indicators | Sublime Security | 8mo ago Aug 7th, 2024 | /feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57 | |
Invoicera infrastructure abuse | Sublime Security | 1y ago Mar 7th, 2024 | /feeds/core/detection-rules/invoicera-infrastructure-abuse-1e56f310 | |
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender | Sublime Security | 6mo ago Oct 10th, 2024 | /feeds/core/detection-rules/link-google-calendar-invite-linking-to-an-open-redirect-from-an-untrusted-freemail-sender-bb4f1ea9 | |
Link: Squarespace Infrastructure Abuse | Sublime Security | 29d ago Apr 1st, 2025 | /feeds/core/detection-rules/link-squarespace-infrastructure-abuse-a8fe9d30 | |
Mass campaign: Cross Site Scripting (XSS) attempt | Sublime Security | 1y ago Mar 27th, 2024 | /feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124 | |
Open Redirect: Cartoon Network | Sublime Security | 1mo ago Mar 18th, 2025 | /feeds/core/detection-rules/open-redirect-cartoon-network-7435e057 | |
Open redirect: Klaviyo | Sublime Security | 11mo ago May 14th, 2024 | /feeds/core/detection-rules/open-redirect-klaviyo-ce5a370a | |
Sharepoint online with external recipients and external display name | @vector_sec | 2y ago Aug 17th, 2023 | /feeds/core/detection-rules/sharepoint-online-with-external-recipients-and-external-display-name-5579bb4b | |
Shopify infrastructure abuse | Sublime Security | 5mo ago Nov 13th, 2024 | /feeds/core/detection-rules/shopify-infrastructure-abuse-844ff164 | |
Spam: Attendee List solicitation | Sublime Security | 12d ago Apr 18th, 2025 | /feeds/core/detection-rules/spam-attendee-list-solicitation-69715b62 | |
Spam: BlackBaud infrastructure abuse | Sublime Security | 1y ago Jan 17th, 2024 | /feeds/core/detection-rules/spam-blackbaud-infrastructure-abuse-3db46591 | |
Spam: Campaign with excessive display-text and keywords found | Sublime Security | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/spam-campaign-with-excessive-display-text-and-keywords-found-140e46a1 | |
Spam: Campaign with excessive space/char obfuscation and free file hosted link | Sublime Security | 2y ago Nov 18th, 2023 | /feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca | |
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com) | Sublime Security | 3mo ago Jan 10th, 2025 | /feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce | |
Spam: Fake photo share | Sublime Security | 14d ago Apr 16th, 2025 | /feeds/core/detection-rules/spam-fake-photo-share-eb086f7d | |
Spam: Image as content with Hidden HTML Element | Sublime Security | 1mo ago Mar 3rd, 2025 | /feeds/core/detection-rules/spam-image-as-content-with-hidden-html-element-5de8861f | |
Spam: Item Giveaway Spam Template | Sublime Security | 3mo ago Jan 8th, 2025 | /feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b | |
Spam: Link to blob.core.windows.net from new domain (<30d) | Sublime Security | 11mo ago May 21st, 2024 | /feeds/core/detection-rules/spam-link-to-blobcorewindowsnet-from-new-domain-less30d-a09b3800 | |
Spam: New link domain (<=10d) and emojis | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/spam-new-link-domain-less10d-and-emojis-33677993 | |
Spam: Sexually Explicit Google Group Invitation | Sublime Security | 3mo ago Jan 16th, 2025 | /feeds/core/detection-rules/spam-sexually-explicit-google-group-invitation-4e0bec29 | |
Spam: Sexually Explicit Looker Studio Report | Sublime Security | 3mo ago Jan 16th, 2025 | /feeds/core/detection-rules/spam-sexually-explicit-looker-studio-report-f1e649cd | |
Spam: Single recipient duplicated in cc | Sublime Security | 8mo ago Aug 7th, 2024 | /feeds/core/detection-rules/spam-single-recipient-duplicated-in-cc-387cacc9 | |
Spam: Unsolicited malformed PDF | Sublime Security | 11mo ago May 23rd, 2024 | /feeds/core/detection-rules/spam-unsolicited-malformed-pdf-f0c50031 | |
Spam: URL shortener with short body content and emojis | Sublime Security | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c | |
Suspicious mailer received from Gmail servers | Sublime Security | 6mo ago Oct 8th, 2024 | /feeds/core/detection-rules/suspicious-mailer-received-from-gmail-servers-f05f04ee | |
Suspicious subject with long procedurally generated text blob | Sublime Security | 1mo ago Mar 12th, 2025 | /feeds/core/detection-rules/suspicious-subject-with-long-procedurally-generated-text-blob-e819593d | |
Truth Social infrastructure abuse via link redirect | Sublime Security | 11mo ago May 9th, 2024 | /feeds/core/detection-rules/truth-social-infrastructure-abuse-via-link-redirect-aaaa30a8 | |
Twitter infrastructure abuse via link shortener | Sublime Security | 2mo ago Feb 6th, 2025 | /feeds/core/detection-rules/twitter-infrastructure-abuse-via-link-shortener-99ca165e | |
Unusually Long Local Part From Untrusted Sender Address | Sublime Security | 2mo ago Feb 24th, 2025 | /feeds/core/detection-rules/unusually-long-local-part-from-untrusted-sender-address-91a9cd45 |