• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Sep 13th, 2024
Feed Source
GitHub
Detection Method is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Adobe image lure in body or attachment with suspicious link
Sublime Security
a month ago
Aug 7th, 2024
Malware/Ransomware
Image as content
Impersonation: Brand
Content analysis
Computer Vision
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Attachment: Callback Phishing solicitation via image file
@vector_sec
3 months ago
Jun 12th, 2024
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: EML with link to credential phishing page
Sublime Security
2 days ago
Sep 13th, 2024
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Fake Slack installer
Sublime Security
10 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer
Sublime Security
10 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: HTML smuggling - QR Code with suspicious links
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: Microsoft impersonation via PDF with link and suspicious language
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: QR code with credential phishing indicators
Sublime Security
2 months ago
Jul 29th, 2024
/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Brand impersonation: Adobe (QR code)
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d
Brand impersonation: Adobe with suspicious language and link
Sublime Security
2 months ago
Jul 18th, 2024
/feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1
Brand impersonation: Amazon with suspicious attachment
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Brand Impersonation: Chase bank with credential phishing indicators
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856
Brand Impersonation: Coinbase with suspicious links
Sublime Security
10 months ago
Nov 18th, 2023
/feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e
Brand impersonation: DocuSign image attachment lure with no DocuSign links
Sublime Security
25 days ago
Aug 21st, 2024
/feeds/core/detection-rules/brand-impersonation-docusign-image-attachment-lure-with-no-docusign-links-814a5694
Brand impersonation: DocuSign (QR code)
Sublime Security
3 months ago
Jun 12th, 2024
/feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a
Brand Impersonation: DocuSign with embedded QR code
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463
Brand impersonation: Fake fax
Sublime Security
7 months ago
Feb 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a
Brand impersonation: Google fake sign-in warning
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/brand-impersonation-google-fake-sign-in-warning-2d998eee
Brand Impersonation: Google (QR Code)
Sublime Security
5 months ago
Apr 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-google-qr-code-7ffd184c
Brand impersonation: Gusto
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-gusto-54025c1c
Brand impersonation: Microsoft fake sign-in alert
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a
Brand impersonation: Microsoft logo or suspicious language with open redirect
Sublime Security
6 months ago
Mar 7th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8
Brand impersonation: Microsoft (QR code)
Sublime Security
a month ago
Aug 9th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a
Brand impersonation: Microsoft quarantine release notification in body
Sublime Security
3 months ago
Jun 27th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-body-6d19527c
Brand impersonation: Microsoft quarantine release notification in image attachment
Sublime Security
3 months ago
Jun 27th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3
Brand impersonation: Microsoft with embedded logo and credential theft language
Sublime Security
3 months ago
Jun 28th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-with-embedded-logo-and-credential-theft-language-3ee9ef3d
Brand impersonation: Microsoft with low reputation links
Sublime Security
a month ago
Aug 2nd, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Brand impersonation: Okta
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-okta-b7a2989a
Brand impersonation: PayPal
Sublime Security
3 months ago
Jun 27th, 2024
/feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee
Brand impersonation: PNC
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-pnc-1b5ae4fb
Brand impersonation: Quickbooks
Sublime Security
4 months ago
May 29th, 2024
/feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1
Brand impersonation: Sharepoint
Sublime Security
4 months ago
May 6th, 2024
/feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70
Brand impersonation: Sharepoint fake file share
Sublime Security
10 days ago
Sep 5th, 2024
/feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b
Brand impersonation: UPS
Sublime Security
2 months ago
Jul 17th, 2024
/feeds/core/detection-rules/brand-impersonation-ups-73b68869
Brand impersonation: USPS
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-usps-28b9130a
Callback Phishing via DocuSign comment
Sublime Security
2 months ago
Jul 26th, 2024
/feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918
Callback phishing via Intuit service abuse
Sublime Security
11 days ago
Sep 4th, 2024
/feeds/core/detection-rules/callback-phishing-via-intuit-service-abuse-f2fe1294
Credential phishing content and link (untrusted sender)
Sublime Security
2 months ago
Jul 29th, 2024
/feeds/core/detection-rules/credential-phishing-content-and-link-untrusted-sender-f0c95bb7
Credential Phishing: DocuSign embedded image lure with no DocuSign domains in links
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/credential-phishing-docusign-embedded-image-lure-with-no-docusign-domains-in-links-dfe8715e