Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated May 13th, 2024

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Adobe branded PDF file linking to a password-protected file from untrusted sender	Sublime Security	3 months ago Feb 23rd, 2024	Malware/Ransomware Encryption Evasion Impersonation: Brand PDF Archive analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
Attachment: Any HTML file (unsolicited)	Sublime Security	20 days ago Apr 23rd, 2024	HTML smuggling File analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-any-html-file-unsolicited-ef36763f
Attachment: Any HTML file within archive (unsolicited)	Sublime Security	6 months ago Nov 14th, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Archive analysis File analysis	/feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c
Attachment: Archive containing disallowed file type	Sublime Security	3 months ago Jan 30th, 2024	Malware/Ransomware Evasion Archive analysis File analysis	/feeds/core/detection-rules/attachment-archive-containing-disallowed-file-type-3859e3e7
Attachment: Archive containing HTML file with file scheme link	Sublime Security	2 months ago Mar 7th, 2024	Credential Phishing Evasion Exploit HTML smuggling Social engineering Archive analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9
Attachment: Archive contains DLL-loading macro	Sublime Security	4 months ago Dec 28th, 2023	Malware/Ransomware Exploit LNK Macros Scripting Archive analysis File analysis Macro analysis YARA	/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: Archive with embedded CHM file	Sublime Security	9 months ago Aug 21st, 2023	Malware/Ransomware Evasion Archive analysis File analysis	/feeds/core/detection-rules/attachment-archive-with-embedded-chm-file-5280e94d
Attachment: Archive with embedded EXE file	Sublime Security	3 months ago Feb 27th, 2024	Malware/Ransomware Evasion Archive analysis File analysis YARA	/feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86
Attachment: Archive with pdf, txt and wsf files	Sublime Security	9 months ago Aug 21st, 2023	Malware/Ransomware Evasion PDF Archive analysis File analysis	/feeds/core/detection-rules/attachment-archive-with-pdf-txt-and-wsf-files-16b2e239
Attachment: Callback Phishing solicitation via pdf file	Sublime Security	5 days ago May 8th, 2024	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Callback Phishing solicitation via text file with a large unknown recipient list	Sublime Security	a month ago Apr 8th, 2024	Callback Phishing Evasion Out of band pivot Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-file-with-a-large-unknown-recipient-list-ca39c83a
Attachment: .csproj with suspicious commands	Sublime Security	9 months ago Aug 17th, 2023	Malware/Ransomware Evasion Scripting File analysis	/feeds/core/detection-rules/attachment-csproj-with-suspicious-commands-fe45b81d
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability	Sublime Security	5 months ago Dec 19th, 2023	Malware/Ransomware Exploit Macros Scripting Archive analysis Content analysis File analysis Macro analysis OLE analysis	/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f
Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability	Sublime Security	5 months ago Dec 19th, 2023	Malware/Ransomware Exploit Content analysis File analysis	/feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d	Sublime Security	18 days ago Apr 25th, 2024	Credential Phishing Impersonation: Brand PDF Social engineering Header analysis Sender analysis URL analysis File analysis Computer Vision Whois	/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment	@ajpc500	7 months ago Oct 4th, 2023	Malware/Ransomware Credential Phishing Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b
Attachment: Dropbox image lure with no Dropbox domains in links	Sublime Security	4 months ago Jan 23rd, 2024	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: EICAR String Present	@ajpc500	9 months ago Aug 21st, 2023	Malware/Ransomware File analysis	/feeds/core/detection-rules/attachment-eicar-string-present-592e2319
Attachment: Embedded Javascript in SVG file (unsolicited)	Sublime Security	7 months ago Oct 4th, 2023	Malware/Ransomware Scripting Archive analysis File analysis Sender analysis XML analysis	/feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-unsolicited-f70293bc
Attachment: Embedded VBScript in MHT file (unsolicited)	Sublime Security	7 months ago Oct 4th, 2023	Malware/Ransomware Evasion Scripting Archive analysis File analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6
Attachment: EML containing a base64 encoded script	Sublime Security	3 months ago Jan 30th, 2024	Credential Phishing Evasion HTML smuggling Scripting Social engineering File analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445
Attachment: EML file contains HTML attachment with login portal indicators	Sublime Security	7 months ago Oct 19th, 2023	Credential Phishing Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Javascript analysis Sender analysis	/feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158
Attachment: EML file with HTML attachment (unsolicited)	Sublime Security	6 months ago Nov 14th, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191
Attachment: EML file with IPFS links	Sublime Security	18 days ago Apr 25th, 2024	Credential Phishing Evasion Free file host Free subdomain host IPFS File analysis URL analysis	/feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7
Attachment: EML with link to credential phishing page	Sublime Security	7 days ago May 6th, 2024	Credential Phishing Evasion Free file host Free subdomain host Social engineering Computer Vision Content analysis File analysis Header analysis HTML analysis Natural Language Understanding Optical Character Recognition URL analysis URL screenshot	/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Emotet heavily padded doc in zip file	Sublime Security	7 months ago Oct 4th, 2023	Malware/Ransomware Evasion Archive analysis Content analysis Exif analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: Encrypted Microsoft Office file (unsolicited)	Sublime Security	5 months ago Dec 19th, 2023	Malware/Ransomware Encryption Macros Scripting Archive analysis File analysis OLE analysis Sender analysis	/feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953
Attachment: Excel Web Query File (IQY)	@jkcoote	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion Archive analysis File analysis	/feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5
Attachment: Fake attachment image lure	Sublime Security	20 days ago Apr 23rd, 2024	Credential Phishing Malware/Ransomware Evasion Image as content Social engineering File analysis Natural Language Understanding Optical Character Recognition	/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake secure message and suspicious indicators	Sublime Security	11 days ago May 2nd, 2024	Credential Phishing Image as content Impersonation: Brand Social engineering Content analysis File analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Fake Slack installer	Sublime Security	5 months ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer	Sublime Security	5 months ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: File execution via Javascript	Sublime Security	5 months ago Dec 19th, 2023	Malware/Ransomware Evasion Scripting Archive analysis File analysis Javascript analysis Sender analysis	/feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1
Attachment: Filename Containing Unicode Right-to-Left Override Character	@vector_sec	9 months ago Aug 21st, 2023	Malware/Ransomware Evasion Archive analysis File analysis	/feeds/core/detection-rules/attachment-filename-containing-unicode-right-to-left-override-character-357c57a1
Attachment: HTML Attachment with Javascript location	@vector_sec	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis Javascript analysis HTML analysis	/feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295
Attachment: HTML Attachment with Login Portal Indicators	@ajpc500	20 days ago Apr 23rd, 2024	Credential Phishing HTML smuggling Scripting Archive analysis File analysis HTML analysis Javascript analysis Sender analysis	/feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7
Attachment: HTML file contains exclusively Javascript	Sublime Security	3 months ago Feb 1st, 2024	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis File analysis	/feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168
Attachment: HTML file with excessive padding and suspicious patterns	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling File analysis HTML analysis YARA	/feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e
Attachment: HTML file with reference to recipient and suspicious patterns	Sublime Security	10 days ago May 3rd, 2024	Credential Phishing HTML smuggling Scripting Content analysis File analysis HTML analysis Javascript analysis YARA	/feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d
Attachment: HTML smuggling 'body onload' linking to suspicious destination	Sublime Security	8 months ago Sep 22nd, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text	Sublime Security	8 months ago Sep 25th, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d
Attachment: HTML Smuggling Microsoft Sign In	Sublime Security	3 months ago Jan 31st, 2024	Credential Phishing Free subdomain host HTML smuggling Impersonation: Brand Social engineering Archive analysis Content analysis File analysis Header analysis Javascript analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML smuggling with atob and high entropy	Sublime Security	20 days ago Apr 23rd, 2024	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11
Attachment: HTML smuggling with auto-downloaded file	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5
Attachment: HTML smuggling with base64 encoded JavaScript function	Sublime Security	9 months ago Aug 27th, 2023	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec
Attachment: HTML smuggling with concatenation obfuscation	@vector_sec	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346
Attachment: HTML smuggling with decimal encoding	Sublime Security	20 days ago Apr 23rd, 2024	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4
Attachment: HTML smuggling with embedded base64-encoded executable	Sublime Security	2 months ago Mar 25th, 2024	Malware/Ransomware Evasion HTML smuggling Archive analysis File analysis HTML analysis YARA	/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527
Attachment: HTML smuggling with embedded base64-encoded ISO	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling ISO Archive analysis Content analysis File analysis HTML analysis Sender analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d
Attachment: HTML smuggling with embedded base64 streamed file download	Sublime Security	9 months ago Aug 21st, 2023	Malware/Ransomware HTML smuggling Scripting Social engineering Archive analysis Content analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2

147 Rules

Page 1 of 3