Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Feb 14th, 2025
Feed Source: GitHub
Rule Name & Severity
Author
Last Updated
Labels
Adobe branded PDF file linking to a password-protected file from untrusted sender
Sublime Security
11mo ago
Feb 23rd, 2024
Malware/Ransomware
Encryption
Evasion
Impersonation: Brand
PDF
Archive analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD
Sublime Security
3mo ago
Nov 5th, 2024
/feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373
Attachment: EML with link to credential phishing page
Sublime Security
5mo ago
Sep 13th, 2024
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Encrypted PDF With Credential Theft Body
Sublime Security
4mo ago
Oct 10th, 2024
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Fake attachment image lure
Sublime Security
7mo ago
Jul 19th, 2024
/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake scan-to-email
Sublime Security
3mo ago
Oct 28th, 2024
/feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1
Attachment: Fake secure message and suspicious indicators
Sublime Security
5mo ago
Sep 16th, 2024
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Fake Slack installer
Sublime Security
2y ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer
Sublime Security
2y ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: HTML smuggling - QR Code with suspicious links
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: Microsoft impersonation via PDF with link and suspicious language
Sublime Security
9mo ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: Office file contains OLE relationship to credential phishing page
Sublime Security
2mo ago
Dec 18th, 2024
/feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0
Attachment: PDF file with low reputation link to ZIP file (unsolicited)
Michael Tingle
9mo ago
May 3rd, 2024
/feeds/core/detection-rules/attachment-pdf-file-with-low-reputation-link-to-zip-file-unsolicited-d1ee2859
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited)
Sublime Security
1y ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e
Attachment: PDF with suspicious language and redirect to suspicious file type
Sublime Security
9mo ago
May 22nd, 2024
/feeds/core/detection-rules/attachment-pdf-with-suspicious-language-and-redirect-to-suspicious-file-type-adda3c3f
Attachment: QR code with credential phishing indicators
Sublime Security
6mo ago
Jul 29th, 2024
/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender
Sublime Security
10mo ago
Apr 3rd, 2024
/feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7
Attachment: RFP/RFQ impersonating government entities
Sublime Security
1y ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
BEC: Employee impersonation with subject manipulation
Sublime Security
1y ago
Jan 22nd, 2024
/feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients
Sublime Security
9mo ago
Apr 23rd, 2024
/feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail
Sublime Security
1y ago
Jan 8th, 2024
/feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151
BEC/Fraud - Student loan callback phishing
Sublime Security
4mo ago
Oct 4th, 2024
/feeds/core/detection-rules/becfraud-student-loan-callback-phishing-a71f82c3
BEC with unusual Reply-to or Return-path mismatch
Sublime Security
5mo ago
Aug 27th, 2024
/feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df
Brand impersonation: Amazon with suspicious attachment
Sublime Security
9mo ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Brand impersonation: Aramco
Sublime Security
4mo ago
Oct 10th, 2024
/feeds/core/detection-rules/brand-impersonation-aramco-96e87699
Brand impersonation: Binance
Sublime Security
9mo ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-binance-c3302a76
Brand Impersonation: Chase bank with credential phishing indicators
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856
Brand impersonation: DocuSign branded attachment lure with no DocuSign links
Sublime Security
2mo ago
Dec 18th, 2024
/feeds/core/detection-rules/brand-impersonation-docusign-branded-attachment-lure-with-no-docusign-links-814a5694
Brand Impersonation: DocuSign pdf attachment with suspicious link
Sublime Security
14d ago
Feb 3rd, 2025
/feeds/core/detection-rules/brand-impersonation-docusign-pdf-attachment-with-suspicious-link-2601cbb7
Brand Impersonation: Exodus
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/brand-impersonation-exodus-40c77ecc
Brand impersonation: Interac
Sublime Security
5mo ago
Sep 16th, 2024
/feeds/core/detection-rules/brand-impersonation-interac-50a883dc
Brand impersonation: Microsoft logo or suspicious language with open redirect
Sublime Security
11mo ago
Mar 7th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8
Brand Impersonation: Microsoft Planner With Suspicious Link
Sublime Security
4mo ago
Oct 9th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08
Brand impersonation: Microsoft quarantine release notification in image attachment
Sublime Security
7mo ago
Jun 27th, 2024