Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated May 15th, 2024

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD	Sublime Security	3 months ago Feb 23rd, 2024	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373
Attachment: Adobe image lure with suspicious link	Sublime Security	13 days ago May 2nd, 2024	Malware/Ransomware Image as content Impersonation: Brand Content analysis Computer Vision Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/attachment-adobe-image-lure-with-suspicious-link-1d7add81
Attachment: Calendar invite with suspicious link leading to an open redirect	Sublime Security	20 days ago Apr 25th, 2024	Spam Free email provider Free file host Free subdomain host Open redirect Content analysis URL analysis	/feeds/core/detection-rules/attachment-calendar-invite-with-suspicious-link-leading-to-an-open-redirect-5d6294c7
Attachment: Callback Phishing solicitation via image file	@vector_sec	a month ago Apr 2nd, 2024	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: Callback Phishing solicitation via text file with a large unknown recipient list	Sublime Security	a month ago Apr 8th, 2024	Callback Phishing Evasion Out of band pivot Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-file-with-a-large-unknown-recipient-list-ca39c83a
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability	Sublime Security	5 months ago Dec 19th, 2023	Malware/Ransomware Exploit Macros Scripting Archive analysis Content analysis File analysis Macro analysis OLE analysis	/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f
Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability	Sublime Security	5 months ago Dec 19th, 2023	Malware/Ransomware Exploit Content analysis File analysis	/feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca
Attachment: DocX embedded Binary	Sublime Security	2 months ago Mar 26th, 2024	Malware/Ransomware Evasion Archive analysis Content analysis YARA	/feeds/core/detection-rules/attachment-docx-embedded-binary-feff0241
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment	@ajpc500	7 months ago Oct 4th, 2023	Malware/Ransomware Credential Phishing Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b
Attachment: Dropbox image lure with no Dropbox domains in links	Sublime Security	4 months ago Jan 23rd, 2024	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: EML file contains HTML attachment with login portal indicators	Sublime Security	7 months ago Oct 19th, 2023	Credential Phishing Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Javascript analysis Sender analysis	/feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158
Attachment: EML file with HTML attachment (unsolicited)	Sublime Security	6 months ago Nov 14th, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191
Attachment: EML with link to credential phishing page	Sublime Security	8 days ago May 6th, 2024	Credential Phishing Evasion Free file host Free subdomain host Social engineering Computer Vision Content analysis File analysis Header analysis HTML analysis Natural Language Understanding Optical Character Recognition URL analysis URL screenshot	/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Emotet heavily padded doc in zip file	Sublime Security	7 months ago Oct 4th, 2023	Malware/Ransomware Evasion Archive analysis Content analysis Exif analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: Fake scan-to-email	Sublime Security	15 hours ago May 14th, 2024	Credential Phishing Free file host Image as content PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1
Attachment: Fake secure message and suspicious indicators	Sublime Security	13 days ago May 2nd, 2024	Credential Phishing Image as content Impersonation: Brand Social engineering Content analysis File analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: HTML Attachment with Javascript location	@vector_sec	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis Javascript analysis HTML analysis	/feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295
Attachment: HTML file with reference to recipient and suspicious patterns	Sublime Security	12 days ago May 3rd, 2024	Credential Phishing HTML smuggling Scripting Content analysis File analysis HTML analysis Javascript analysis YARA	/feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d
Attachment: HTML smuggling 'body onload' linking to suspicious destination	Sublime Security	8 months ago Sep 22nd, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text	Sublime Security	8 months ago Sep 25th, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d
Attachment: HTML Smuggling Microsoft Sign In	Sublime Security	3 months ago Jan 31st, 2024	Credential Phishing Free subdomain host HTML smuggling Impersonation: Brand Social engineering Archive analysis Content analysis File analysis Header analysis Javascript analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML smuggling with atob and high entropy	Sublime Security	21 days ago Apr 23rd, 2024	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11
Attachment: HTML smuggling with auto-downloaded file	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5
Attachment: HTML smuggling with base64 encoded JavaScript function	Sublime Security	9 months ago Aug 27th, 2023	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec
Attachment: HTML smuggling with concatenation obfuscation	@vector_sec	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346
Attachment: HTML smuggling with decimal encoding	Sublime Security	21 days ago Apr 23rd, 2024	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4
Attachment: HTML smuggling with embedded base64-encoded ISO	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling ISO Archive analysis Content analysis File analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d
Attachment: HTML smuggling with embedded base64 streamed file download	Sublime Security	9 months ago Aug 21st, 2023	Malware/Ransomware HTML smuggling Scripting Social engineering Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2
Attachment: HTML smuggling with eval and atob	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2
Attachment: HTML smuggling with excessive line break obfuscation	Sublime Security	8 months ago Sep 8th, 2023	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440
Attachment: HTML smuggling with fromCharCode and other signals	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis Javascript analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef
Attachment: HTML smuggling with hex strings	@ajpc500	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6
Attachment: HTML smuggling with high entropy and other signals	Sublime Security	9 months ago Aug 21st, 2023	Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288
Attachment: HTML smuggling with raw array buffer	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion Free subdomain host HTML smuggling Archive analysis Content analysis File analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc
Attachment: HTML smuggling with RC4 decryption	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765
Attachment: HTML smuggling with ROT13	@Kyle_Parrish_	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis Javascript analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf
Attachment: HTML smuggling with setTimeout	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32
Attachment: LNK with embedded content	@ajpc500	9 months ago Aug 21st, 2023	Malware/Ransomware Exploit LNK Scripting Content analysis Exif analysis File analysis	/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a
Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation	@ajpc500	5 months ago Dec 19th, 2023	Malware/Ransomware Macros Scripting Content analysis File analysis Macro analysis	/feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0
Attachment: Malicious OneNote Commands	@Kyle_Parrish_	9 months ago Aug 21st, 2023	Malware/Ransomware OneNote Scripting Archive analysis Content analysis File analysis YARA	/feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb
Attachment: Microsoft 365 Credential Phishing	Sublime Security	21 days ago Apr 23rd, 2024	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229
Attachment: Office Document with VSTO Add-in	@vector_sec	4 months ago Jan 11th, 2024	Malware/Ransomware Scripting Archive analysis Content analysis Exif analysis File analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730
Attachment: OLE external relationship containing file scheme link to executable filetype	Sublime Security	a month ago Apr 4th, 2024	Malware/Ransomware Evasion Archive analysis Content analysis OLE analysis Sender analysis	/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-executable-filetype-33bf6fd4
Attachment: OLE external relationship containing file scheme link to IP address	Sublime Security	a month ago Apr 12th, 2024	Malware/Ransomware Evasion Archive analysis Content analysis OLE analysis Sender analysis	/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-ip-address-3aab998c
Attachment: PDF with link to DMG file download	Sublime Security	20 days ago Apr 25th, 2024	Malware/Ransomware Evasion PDF Archive analysis Content analysis File analysis URL analysis	/feeds/core/detection-rules/attachment-pdf-with-link-to-dmg-file-download-2c486fe0
Attachment: PDF with link to zip containing a wsf file	Sublime Security	20 days ago Apr 25th, 2024	Malware/Ransomware Evasion PDF Archive analysis Content analysis File analysis URL analysis	/feeds/core/detection-rules/attachment-pdf-with-link-to-zip-containing-a-wsf-file-93bc7db4
Attachment: RFP/RFQ impersonating government entities	Sublime Security	3 months ago Jan 30th, 2024	BEC/Fraud Impersonation: Brand PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
Attachment: SVG file execution	Sublime Security	9 months ago Aug 21st, 2023	Malware/Ransomware Scripting Archive analysis Content analysis File analysis	/feeds/core/detection-rules/attachment-svg-file-execution-084b0cde
BEC: Employee impersonation with subject manipulation	Sublime Security	4 months ago Jan 22nd, 2024	BEC/Fraud Impersonation: Employee Social engineering Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients	Sublime Security	21 days ago Apr 23rd, 2024	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f

179 Rules

Page 1 of 4