Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Sep 13th, 2024
Feed Source
Detection Method is
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Attachment: Adobe image lure in body or attachment with suspicious link | Sublime Security | a month ago Aug 7th, 2024 | /feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | 3 months ago Jun 12th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: EML with link to credential phishing page | Sublime Security | 2 days ago Sep 13th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Fake Slack installer | Sublime Security | 10 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 10 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 4 months ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: QR code with credential phishing indicators | Sublime Security | 2 months ago Jul 29th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Brand impersonation: Adobe (QR code) | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 2 months ago Jul 18th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand impersonation: Amazon with suspicious attachment | Sublime Security | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9 | |
Brand Impersonation: Chase bank with credential phishing indicators | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856 | |
Brand Impersonation: Coinbase with suspicious links | Sublime Security | 10 months ago Nov 18th, 2023 | /feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e | |
Brand impersonation: DocuSign image attachment lure with no DocuSign links | Sublime Security | 25 days ago Aug 21st, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-image-attachment-lure-with-no-docusign-links-814a5694 | |
Brand impersonation: DocuSign (QR code) | Sublime Security | 3 months ago Jun 12th, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a | |
Brand Impersonation: DocuSign with embedded QR code | Sublime Security | 4 months ago May 2nd, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463 | |
Brand impersonation: Fake fax | Sublime Security | 7 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a | |
Brand impersonation: Google fake sign-in warning | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-google-fake-sign-in-warning-2d998eee | |
Brand Impersonation: Google (QR Code) | Sublime Security | 5 months ago Apr 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-google-qr-code-7ffd184c | |
Brand impersonation: Gusto | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-gusto-54025c1c | |
Brand impersonation: Microsoft fake sign-in alert | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 6 months ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Brand impersonation: Microsoft (QR code) | Sublime Security | a month ago Aug 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a | |
Brand impersonation: Microsoft quarantine release notification in body | Sublime Security | 3 months ago Jun 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-body-6d19527c | |
Brand impersonation: Microsoft quarantine release notification in image attachment | Sublime Security | 3 months ago Jun 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3 | |
Brand impersonation: Microsoft with embedded logo and credential theft language | Sublime Security | 3 months ago Jun 28th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-embedded-logo-and-credential-theft-language-3ee9ef3d | |
Brand impersonation: Microsoft with low reputation links | Sublime Security | a month ago Aug 2nd, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6 | |
Brand impersonation: Okta | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-okta-b7a2989a | |
Brand impersonation: PayPal | Sublime Security | 3 months ago Jun 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee | |
Brand impersonation: PNC | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-pnc-1b5ae4fb | |
Brand impersonation: Quickbooks | Sublime Security | 4 months ago May 29th, 2024 | /feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1 | |
Brand impersonation: Sharepoint | Sublime Security | 4 months ago May 6th, 2024 | /feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70 | |
Brand impersonation: Sharepoint fake file share | Sublime Security | 10 days ago Sep 5th, 2024 | /feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b | |
Brand impersonation: UPS | Sublime Security | 2 months ago Jul 17th, 2024 | /feeds/core/detection-rules/brand-impersonation-ups-73b68869 | |
Brand impersonation: USPS | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-usps-28b9130a | |
Callback Phishing via DocuSign comment | Sublime Security | 2 months ago Jul 26th, 2024 | /feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918 | |
Callback phishing via Intuit service abuse | Sublime Security | 11 days ago Sep 4th, 2024 | /feeds/core/detection-rules/callback-phishing-via-intuit-service-abuse-f2fe1294 | |
Credential phishing content and link (untrusted sender) | Sublime Security | 2 months ago Jul 29th, 2024 | /feeds/core/detection-rules/credential-phishing-content-and-link-untrusted-sender-f0c95bb7 | |
Credential Phishing: DocuSign embedded image lure with no DocuSign domains in links | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/credential-phishing-docusign-embedded-image-lure-with-no-docusign-domains-in-links-dfe8715e | |