Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Sep 13th, 2024
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD | Sublime Security | 3 months ago Jun 3rd, 2024 | /feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373 | |
AnonymousFox Indicators | Sublime Security | 2 months ago Jul 19th, 2024 | /feeds/core/detection-rules/anonymousfox-indicators-2506206e | |
Attachment: Callback Phishing solicitation via text-based file with a large unknown recipient list | Sublime Security | 2 months ago Jul 26th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-with-a-large-unknown-recipient-list-ca39c83a | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: Dropbox image lure with no Dropbox domains in links | Sublime Security | 8 months ago Jan 23rd, 2024 | /feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d | |
Attachment: EML file contains HTML attachment with login portal indicators | Sublime Security | a year ago Oct 19th, 2023 | /feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158 | |
Attachment: EML file with HTML attachment (unsolicited) | Sublime Security | 3 months ago Jun 6th, 2024 | /feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191 | |
Attachment: EML with link to credential phishing page | Sublime Security | 2 days ago Sep 13th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Fake secure message and suspicious indicators | Sublime Security | 4 months ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94 | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 8 months ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: Microsoft 365 Credential Phishing | Sublime Security | a month ago Aug 7th, 2024 | /feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229 | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 4 months ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: QR code with credential phishing indicators | Sublime Security | 2 months ago Jul 29th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender | Sublime Security | 5 months ago Apr 3rd, 2024 | /feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7 | |
Attachment with auto-executing macro (unsolicited) | Sublime Security | 9 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3 | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f | |
BEC/Fraud: Romance Scam | Sublime Security | 10 months ago Nov 23rd, 2023 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC/Fraud: Scam Lure with freemail pivot | Sublime Security | 3 months ago Jun 3rd, 2024 | /feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f | |
BEC with unusual Reply-to or Return-path mismatch | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Brand impersonation: Adobe (QR code) | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 2 months ago Jul 18th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand impersonation: ADP | Sublime Security | 8 months ago Jan 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b | |
Brand impersonation: Amazon | Sublime Security | a month ago Aug 19th, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-13fc967d | |
Brand impersonation: Amazon with suspicious attachment | Sublime Security | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9 | |
Brand impersonation: American Express (AMEX) | Sublime Security | 3 days ago Sep 12th, 2024 | /feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9 | |
Brand impersonation: Apple | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2 | |
Brand impersonation: Aramco | Sublime Security | 3 months ago Jun 20th, 2024 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand impersonation: Bank of America | Sublime Security | 3 months ago Jun 14th, 2024 | /feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1 | |
Brand impersonation: Barracuda Networks | Sublime Security | 2 months ago Jul 8th, 2024 | /feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb | |
Brand impersonation: Binance | Sublime Security | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-binance-c3302a76 | |
Brand impersonation: Blockchain[.]com | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555 | |
Brand impersonation: Chase Bank | Sublime Security | 2 months ago Jul 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7 | |
Brand impersonation: Coinbase | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-coinbase-3dca757a | |
Brand impersonation: Dashlane | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-dashlane-9e400937 | |
Brand impersonation: DHL | Sublime Security | 3 months ago Jun 17th, 2024 | /feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0 | |
Brand impersonation: Digital Ocean | Sublime Security | 6 months ago Mar 4th, 2024 | /feeds/core/detection-rules/brand-impersonation-digital-ocean-7f2f0e97 | |
Brand Impersonation: DocSend | Sublime Security | 4 days ago Sep 11th, 2024 | /feeds/core/detection-rules/brand-impersonation-docsend-cd9a3f7a | |
Brand impersonation: DocuSign | Sublime Security | 10 days ago Sep 5th, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-4d29235c | |
Brand impersonation: DocuSign image attachment lure with no DocuSign links | Sublime Security | 25 days ago Aug 21st, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-image-attachment-lure-with-no-docusign-links-814a5694 | |
Brand impersonation: DocuSign (QR code) | Sublime Security | 3 months ago Jun 12th, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a | |
Brand impersonation: DoorDash | Sublime Security | a month ago Aug 12th, 2024 | /feeds/core/detection-rules/brand-impersonation-doordash-b0aaaed5 | |
Brand impersonation: Dotloop | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-dotloop-f997581a | |
Brand impersonation: Dropbox | Sublime Security | a month ago Aug 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12 | |
Brand Impersonation: Exodus | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-exodus-40c77ecc | |
Brand Impersonation: Fake DocuSign HTML table not linking to DocuSign domains | Sublime Security | 4 months ago May 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-fake-docusign-html-table-not-linking-to-docusign-domains-28923dde | |
Brand impersonation: FedEx | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-fedex-94a2b602 | |
Brand impersonation: FINRA | Sublime Security | 9 months ago Dec 20th, 2023 | /feeds/core/detection-rules/brand-impersonation-finra-15c81db4 | |
Brand impersonation: Github | Sublime Security | 17 days ago Aug 29th, 2024 | /feeds/core/detection-rules/brand-impersonation-github-9402f92b | |
Brand Impersonation: Google (QR Code) | Sublime Security | 5 months ago Apr 3rd, 2024 |