Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Sep 13th, 2024
Feed Source: GitHub
Rule Name & Severity
Author
Last Updated
Labels
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD
Sublime Security
3 months ago
Jun 3rd, 2024
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373
AnonymousFox Indicators
Sublime Security
2 months ago
Jul 19th, 2024
/feeds/core/detection-rules/anonymousfox-indicators-2506206e
Attachment: Callback Phishing solicitation via text-based file with a large unknown recipient list
Sublime Security
2 months ago
Jul 26th, 2024
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-with-a-large-unknown-recipient-list-ca39c83a
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: Dropbox image lure with no Dropbox domains in links
Sublime Security
8 months ago
Jan 23rd, 2024
/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: EML file contains HTML attachment with login portal indicators
Sublime Security
a year ago
Oct 19th, 2023
/feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158
Attachment: EML file with HTML attachment (unsolicited)
Sublime Security
3 months ago
Jun 6th, 2024
/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191
Attachment: EML with link to credential phishing page
Sublime Security
2 days ago
Sep 13th, 2024
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Fake secure message and suspicious indicators
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: HTML Smuggling Microsoft Sign In
Sublime Security
8 months ago
Jan 31st, 2024
/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML smuggling - QR Code with suspicious links
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: Microsoft 365 Credential Phishing
Sublime Security
a month ago
Aug 7th, 2024
/feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229
Attachment: Microsoft impersonation via PDF with link and suspicious language
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: QR code with credential phishing indicators
Sublime Security
2 months ago
Jul 29th, 2024
/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender
Sublime Security
5 months ago
Apr 3rd, 2024
/feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7
Attachment with auto-executing macro (unsolicited)
Sublime Security
9 months ago
Dec 19th, 2023
/feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f
BEC/Fraud: Romance Scam
Sublime Security
10 months ago
Nov 23rd, 2023
/feeds/core/detection-rules/becfraud-romance-scam-0243cdaa
BEC/Fraud: Scam Lure with freemail pivot
Sublime Security
3 months ago
Jun 3rd, 2024
/feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f
BEC with unusual Reply-to or Return-path mismatch
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df
Brand impersonation: Adobe (QR code)
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d
Brand impersonation: Adobe with suspicious language and link
Sublime Security
2 months ago
Jul 18th, 2024
/feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1
Brand impersonation: ADP
Sublime Security
8 months ago
Jan 9th, 2024
/feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b
Brand impersonation: Amazon
Sublime Security
a month ago
Aug 19th, 2024
/feeds/core/detection-rules/brand-impersonation-amazon-13fc967d
Brand impersonation: Amazon with suspicious attachment
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Brand impersonation: American Express (AMEX)
Sublime Security
3 days ago
Sep 12th, 2024
/feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9
Brand impersonation: Apple
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2
Brand impersonation: Aramco
Sublime Security
3 months ago
Jun 20th, 2024
/feeds/core/detection-rules/brand-impersonation-aramco-96e87699
Brand impersonation: Bank of America
Sublime Security
3 months ago
Jun 14th, 2024
/feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1
Brand impersonation: Barracuda Networks
Sublime Security
2 months ago
Jul 8th, 2024
/feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb
Brand impersonation: Binance
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-binance-c3302a76
Brand impersonation: Blockchain[.]com
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555
Brand impersonation: Chase Bank
Sublime Security
2 months ago
Jul 9th, 2024
/feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7
Brand impersonation: Coinbase
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-coinbase-3dca757a
Brand impersonation: Dashlane
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-dashlane-9e400937
Brand impersonation: DHL
Sublime Security
3 months ago
Jun 17th, 2024
/feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0
Brand impersonation: Digital Ocean
Sublime Security
6 months ago
Mar 4th, 2024
/feeds/core/detection-rules/brand-impersonation-digital-ocean-7f2f0e97
Brand Impersonation: DocSend
Sublime Security
4 days ago
Sep 11th, 2024
/feeds/core/detection-rules/brand-impersonation-docsend-cd9a3f7a
Brand impersonation: DocuSign
Sublime Security
10 days ago
Sep 5th, 2024
/feeds/core/detection-rules/brand-impersonation-docusign-4d29235c
Brand impersonation: DocuSign image attachment lure with no DocuSign links
Sublime Security
25 days ago
Aug 21st, 2024
/feeds/core/detection-rules/brand-impersonation-docusign-image-attachment-lure-with-no-docusign-links-814a5694
Brand impersonation: DocuSign (QR code)
Sublime Security
3 months ago
Jun 12th, 2024
/feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a
Brand impersonation: DoorDash
Sublime Security
a month ago
Aug 12th, 2024
/feeds/core/detection-rules/brand-impersonation-doordash-b0aaaed5
Brand impersonation: Dotloop
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-dotloop-f997581a
Brand impersonation: Dropbox
Sublime Security
a month ago
Aug 7th, 2024
/feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12
Brand Impersonation: Exodus
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/brand-impersonation-exodus-40c77ecc
Brand Impersonation: Fake DocuSign HTML table not linking to DocuSign domains
Sublime Security
4 months ago
May 7th, 2024
/feeds/core/detection-rules/brand-impersonation-fake-docusign-html-table-not-linking-to-docusign-domains-28923dde
Brand impersonation: FedEx
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-fedex-94a2b602
Brand impersonation: FINRA
Sublime Security
9 months ago
Dec 20th, 2023
/feeds/core/detection-rules/brand-impersonation-finra-15c81db4
Brand impersonation: Github
Sublime Security
17 days ago
Aug 29th, 2024
/feeds/core/detection-rules/brand-impersonation-github-9402f92b
Brand Impersonation: Google (QR Code)
Sublime Security
5 months ago
Apr 3rd, 2024