Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 14th, 2024
Feed Source
Detection Method is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Adobe branded PDF file linking to a password-protected file from untrusted sender | Sublime Security | 3 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469 | |
Attachment: Any HTML file within archive (unsolicited) | Sublime Security | 6 months ago Nov 14th, 2023 | /feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c | |
Attachment: Archive containing disallowed file type | Sublime Security | 3 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-disallowed-file-type-3859e3e7 | |
Attachment: Archive containing HTML file with file scheme link | Sublime Security | 2 months ago Mar 7th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 | |
Attachment: Archive contains DLL-loading macro | Sublime Security | 5 months ago Dec 28th, 2023 | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f | |
Attachment: Archive with embedded CHM file | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-archive-with-embedded-chm-file-5280e94d | |
Attachment: Archive with embedded EXE file | Sublime Security | 3 months ago Feb 27th, 2024 | /feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86 | |
Attachment: Archive with pdf, txt and wsf files | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-archive-with-pdf-txt-and-wsf-files-16b2e239 | |
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f | |
Attachment: DocX embedded Binary | Sublime Security | 2 months ago Mar 26th, 2024 | /feeds/core/detection-rules/attachment-docx-embedded-binary-feff0241 | |
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment | @ajpc500 | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b | |
Attachment: Embedded Javascript in SVG file (unsolicited) | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-unsolicited-f70293bc | |
Attachment: Embedded VBScript in MHT file (unsolicited) | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6 | |
Attachment: Emotet heavily padded doc in zip file | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed | |
Attachment: Encrypted Microsoft Office file (unsolicited) | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953 | |
Attachment: Excel Web Query File (IQY) | @jkcoote | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5 | |
Attachment: Fake Slack installer | Sublime Security | 5 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 5 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: File execution via Javascript | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1 | |
Attachment: Filename Containing Unicode Right-to-Left Override Character | @vector_sec | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-filename-containing-unicode-right-to-left-override-character-357c57a1 | |
Attachment: HTML Attachment with Javascript location | @vector_sec | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295 | |
Attachment: HTML Attachment with Login Portal Indicators | @ajpc500 | 21 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Attachment: HTML file contains exclusively Javascript | Sublime Security | 3 months ago Feb 1st, 2024 | /feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168 | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | 8 months ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text | Sublime Security | 8 months ago Sep 25th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 3 months ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 21 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: HTML smuggling with base64 encoded JavaScript function | Sublime Security | 9 months ago Aug 27th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec | |
Attachment: HTML smuggling with concatenation obfuscation | @vector_sec | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346 | |
Attachment: HTML smuggling with decimal encoding | Sublime Security | 21 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4 | |
Attachment: HTML smuggling with embedded base64-encoded executable | Sublime Security | 2 months ago Mar 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527 | |
Attachment: HTML smuggling with embedded base64-encoded ISO | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d | |
Attachment: HTML smuggling with embedded base64 streamed file download | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2 | |
Attachment: HTML smuggling with eval and atob | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2 | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | 8 months ago Sep 8th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with fromCharCode and other signals | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef | |
Attachment: HTML smuggling with hex strings | @ajpc500 | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6 | |
Attachment: HTML smuggling with high entropy and other signals | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288 | |
Attachment: HTML smuggling with raw array buffer | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: HTML smuggling with setTimeout | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32 | |
Attachment: HTML smuggling with unescape | Sublime Security | 8 months ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: HTML with obfuscation and recipient's email in JavaScript strings | Sublime Security | 3 months ago Feb 7th, 2024 | /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b | |
Attachment: JavaScript file with suspicious base64-encoded executable | Sublime Security | a month ago Apr 1st, 2024 | /feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3 | |
Attachment: LNK file | @ajpc500 | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-lnk-file-44532abe | |
Attachment: Malicious OneNote Commands | @Kyle_Parrish_ | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb | |
Attachment: MSI Installer file | @ajpc500 | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-msi-installer-file-ae17b1a9 | |
Attachment: Office document loads remote document template | Sublime Security | 3 months ago Feb 12th, 2024 | /feeds/core/detection-rules/attachment-office-document-loads-remote-document-template-d9601104 |