Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Sep 13th, 2024
Feed Source: GitHub
Rule Name & Severity
Author
Last Updated
Labels
Adobe branded PDF file linking to a password-protected file from untrusted sender
Sublime Security
7 months ago
Feb 23rd, 2024
Labels: Malware/Ransomware, Encryption, Evasion, Impersonation: Brand, PDF, Archive analysis, File analysis, Natural Language Understanding, Optical Character Recognition, Sender analysis
/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD
Sublime Security
3 months ago
Jun 3rd, 2024
/feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373
Attachment: EML with link to credential phishing page
Sublime Security
2 days ago
Sep 13th, 2024
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Encrypted PDF With Credential Theft Body
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Fake attachment image lure
Sublime Security
2 months ago
Jul 19th, 2024
/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake scan-to-email
Sublime Security
4 months ago
May 14th, 2024
/feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1
Attachment: Fake secure message and suspicious indicators
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Fake Slack installer
Sublime Security
10 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer
Sublime Security
10 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: HTML smuggling - QR Code with suspicious links
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: Microsoft impersonation via PDF with link and suspicious language
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: Office file contains OLE relationship to credential phishing page
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0
Attachment: PDF file with low reputation link to ZIP file (unsolicited)
Michael Tingle
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/attachment-pdf-file-with-low-reputation-link-to-zip-file-unsolicited-d1ee2859
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited)
Sublime Security
8 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e
Attachment: PDF with suspicious language and redirect to suspicious file type
Sublime Security
4 months ago
May 22nd, 2024
/feeds/core/detection-rules/attachment-pdf-with-suspicious-language-and-redirect-to-suspicious-file-type-adda3c3f
Attachment: QR code with credential phishing indicators
Sublime Security
2 months ago
Jul 29th, 2024
/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender
Sublime Security
5 months ago
Apr 3rd, 2024
/feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7
Attachment: RFP/RFQ impersonating government entities
Sublime Security
8 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
BEC: Employee impersonation with subject manipulation
Sublime Security
8 months ago
Jan 22nd, 2024
/feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail
Sublime Security
8 months ago
Jan 8th, 2024
/feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151
BEC with unusual Reply-to or Return-path mismatch
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df
Brand impersonation: Amazon with suspicious attachment
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Brand impersonation: Aramco
Sublime Security
3 months ago
Jun 20th, 2024
/feeds/core/detection-rules/brand-impersonation-aramco-96e87699
Brand impersonation: Binance
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-binance-c3302a76
Brand Impersonation: Chase bank with credential phishing indicators
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856
Brand impersonation: DocuSign image attachment lure with no DocuSign links
Sublime Security
25 days ago
Aug 21st, 2024
/feeds/core/detection-rules/brand-impersonation-docusign-image-attachment-lure-with-no-docusign-links-814a5694
Brand Impersonation: Exodus
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/brand-impersonation-exodus-40c77ecc
Brand impersonation: Microsoft logo or suspicious language with open redirect
Sublime Security
6 months ago
Mar 7th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8
Brand Impersonation: Microsoft Planner With Suspicious Link
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08
Brand impersonation: Microsoft quarantine release notification in image attachment
Sublime Security
3 months ago
Jun 27th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3
Brand impersonation: Microsoft with embedded logo and credential theft language
Sublime Security
3 months ago
Jun 28th, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-with-embedded-logo-and-credential-theft-language-3ee9ef3d
Brand impersonation: Microsoft with low reputation links
Sublime Security
a month ago
Aug 2nd, 2024
/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Brand impersonation: Sharepoint
Sublime Security
4 months ago
May 6th, 2024
/feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70
Brand impersonation: USPS
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-usps-28b9130a
Brand impersonation: Wise
Sublime Security
2 days ago
Sep 13th, 2024
/feeds/core/detection-rules/brand-impersonation-wise-01480f95
Business Email Compromise (BEC) attempt from untrusted sender
Sublime Security
3 months ago
Jun 24th, 2024
/feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-96d4c35a
Business Email Compromise (BEC) with request for mobile number
Sublime Security
17 days ago
Aug 29th, 2024
/feeds/core/detection-rules/business-email-compromise-bec-with-request-for-mobile-number-514ffd68
Callback Phishing: Branded invoice from sender/reply-to domain less than 30 days old
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/callback-phishing-branded-invoice-from-senderreply-to-domain-less-than-30-days-old-e6f4af53
Callback Phishing in body or attachment (untrusted sender)
Sublime Security
a month ago
Aug 7th, 2024
/feeds/core/detection-rules/callback-phishing-in-body-or-attachment-untrusted-sender-b93c6f94
Callback Phishing via extensionless rfc822 attachment
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/callback-phishing-via-extensionless-rfc822-attachment-197722c4
Callback phishing via Google Group abuse
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/callback-phishing-via-google-group-abuse-199d873b
Commonly abused sender TLD with engaging language
Sublime Security
a month ago
Aug 16th, 2024