Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 16th, 2024
Feed Source
Detection Method is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Adobe image lure with suspicious link | Sublime Security | 16 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-adobe-image-lure-with-suspicious-link-1d7add81 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | 2 months ago Apr 2nd, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: EML with link to credential phishing page | Sublime Security | 12 days ago May 6th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Fake Slack installer | Sublime Security | 6 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 6 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 16 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: QR code with credential phishing indicators | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Brand impersonation: Adobe (QR code) | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 24 days ago Apr 24th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand impersonation: Amazon with suspicious attachment | Sublime Security | 15 days ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9 | |
Brand Impersonation: Chase bank with credential phishing indicators | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856 | |
Brand Impersonation: Coinbase with suspicious links | Sublime Security | 6 months ago Nov 18th, 2023 | /feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e | |
Brand impersonation: DocuSign image attachment lure with no DocuSign links | Sublime Security | 2 months ago Mar 26th, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-image-attachment-lure-with-no-docusign-links-814a5694 | |
Brand impersonation: DocuSign (QR code) | Sublime Security | 5 months ago Dec 23rd, 2023 | /feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a | |
Brand Impersonation: DocuSign with embedded QR code | Sublime Security | 16 days ago May 2nd, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463 | |
Brand impersonation: Fake fax | Sublime Security | 3 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a | |
Brand impersonation: Google fake sign-in warning | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-google-fake-sign-in-warning-2d998eee | |
Brand Impersonation: Google (QR Code) | Sublime Security | a month ago Apr 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-google-qr-code-7ffd184c | |
Brand impersonation: Gusto | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-gusto-54025c1c | |
Brand impersonation: Microsoft fake sign-in alert | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 2 months ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Brand impersonation: Microsoft (QR code) | Sublime Security | 3 months ago Feb 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a | |
Brand impersonation: Microsoft quarantine release notification in body | Sublime Security | 8 days ago May 10th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-body-6d19527c | |
Brand impersonation: Microsoft quarantine release notification in image attachment | Sublime Security | 8 days ago May 10th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3 | |
Brand impersonation: Microsoft with embedded logo and credential theft language | Sublime Security | 4 days ago May 14th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-embedded-logo-and-credential-theft-language-3ee9ef3d | |
Brand impersonation: Microsoft with low reputation links | Sublime Security | 9 days ago May 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6 | |
Brand impersonation: Okta | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-okta-b7a2989a | |
Brand impersonation: PayPal | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee | |
Brand impersonation: PNC | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-pnc-1b5ae4fb | |
Brand impersonation: Quickbooks | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1 | |
Brand impersonation: Sharepoint | Sublime Security | 12 days ago May 6th, 2024 | /feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70 | |
Brand impersonation: Sharepoint fake file share | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b | |
Brand impersonation: UPS | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-ups-73b68869 | |
Brand impersonation: USPS | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-usps-28b9130a | |
Callback Phishing via DocuSign comment | Sublime Security | 5 days ago May 13th, 2024 | /feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918 | |
Credential phishing content and link (untrusted sender) | Sublime Security | 9 days ago May 9th, 2024 | /feeds/core/detection-rules/credential-phishing-content-and-link-untrusted-sender-f0c95bb7 | |
Credential Phishing: DocuSign embedded image lure with no DocuSign domains in links | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/credential-phishing-docusign-embedded-image-lure-with-no-docusign-domains-in-links-dfe8715e | |
Credential Phishing: Image as content, short or no body contents | Sublime Security | 8 months ago Sep 8th, 2023 | /feeds/core/detection-rules/credential-phishing-image-as-content-short-or-no-body-contents-01313f38 | |
Credential phishing link (unknown sender) | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/credential-phishing-link-unknown-sender-a278012b | |
Credential Phishing via Dropbox comment abuse | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/credential-phishing-via-dropbox-comment-abuse-744d494d | |
Free subdomain link with login or captcha (untrusted sender) | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/free-subdomain-link-with-login-or-captcha-untrusted-sender-93288f82 | |
Google Accelerated Mobile Pages (AMP) abuse | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029 | |
Google Drive abuse: Credential phishing link | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/google-drive-abuse-credential-phishing-link-c74aece0 | |
Link: Credential Phishing link with Undisclosed Recipients | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/link-credential-phishing-link-with-undisclosed-recipients-06fc155e | |
Link: QR code in EML attachment with credential phishing indicators | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/link-qr-code-in-eml-attachment-with-credential-phishing-indicators-9908ed3a | |
Link: QR code with phishing disposition in img or pdf | Sublime Security | 23 days ago Apr 25th, 2024 | /feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6 | |
Link: QR Code with suspicious language (untrusted sender) | Sublime Security | 25 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c | |
Link: QuickBooks image lure with suspicious link | Sublime Security | 16 days ago May 2nd, 2024 | /feeds/core/detection-rules/link-quickbooks-image-lure-with-suspicious-link-3826a923 |