Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 15th, 2024
Feed Source
Detection Method is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Adobe branded PDF file linking to a password-protected file from untrusted sender | Sublime Security | 3 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469 | |
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD | Sublime Security | 3 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373 | |
AnonymousFox Indicators | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/anonymousfox-indicators-2506206e | |
Attachment: Adobe image lure with suspicious link | Sublime Security | 13 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-adobe-image-lure-with-suspicious-link-1d7add81 | |
Attachment: Any HTML file (unsolicited) | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-any-html-file-unsolicited-ef36763f | |
Attachment: Any HTML file (untrusted sender) | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-any-html-file-untrusted-sender-57a8f5c5 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | a month ago Apr 2nd, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: Callback Phishing solicitation via pdf file | Sublime Security | 9 hours ago May 15th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097 | |
Attachment: Callback Phishing solicitation via text file with a large unknown recipient list | Sublime Security | a month ago Apr 8th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-file-with-a-large-unknown-recipient-list-ca39c83a | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 20 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment | @ajpc500 | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b | |
Attachment: Dropbox image lure with no Dropbox domains in links | Sublime Security | 4 months ago Jan 23rd, 2024 | /feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d | |
Attachment: Embedded Javascript in SVG file (unsolicited) | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-unsolicited-f70293bc | |
Attachment: Embedded VBScript in MHT file (unsolicited) | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6 | |
Attachment: EML containing a base64 encoded script | Sublime Security | 3 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: EML file contains HTML attachment with login portal indicators | Sublime Security | 7 months ago Oct 19th, 2023 | /feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158 | |
Attachment: EML file with HTML attachment (unsolicited) | Sublime Security | 6 months ago Nov 14th, 2023 | /feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191 | |
Attachment: Emotet heavily padded doc in zip file | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed | |
Attachment: Encrypted Microsoft Office file (unsolicited) | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953 | |
Attachment: Fake scan-to-email | Sublime Security | a day ago May 14th, 2024 | /feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1 | |
Attachment: Fake secure message and suspicious indicators | Sublime Security | 13 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94 | |
Attachment: File execution via Javascript | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1 | |
Attachment: HTML Attachment with Login Portal Indicators | @ajpc500 | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 4 months ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 20 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: HTML smuggling with embedded base64-encoded ISO | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d | |
Attachment: Microsoft 365 Credential Phishing | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229 | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 13 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: Office Document with VSTO Add-in | @vector_sec | 4 months ago Jan 11th, 2024 | /feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730 | |
Attachment: OLE external relationship containing file scheme link to executable filetype | Sublime Security | a month ago Apr 4th, 2024 | /feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-executable-filetype-33bf6fd4 | |
Attachment: OLE external relationship containing file scheme link to IP address | Sublime Security | a month ago Apr 12th, 2024 | /feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-ip-address-3aab998c | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: PDF file with low reputation links to suspicious filetypes (unsolicited) | Sublime Security | 12 days ago May 3rd, 2024 | /feeds/core/detection-rules/attachment-pdf-file-with-low-reputation-links-to-suspicious-filetypes-unsolicited-6144f880 | |
Attachment: PDF file with low reputation link to ZIP file (unsolicited) | Michael Tingle | 12 days ago May 3rd, 2024 | /feeds/core/detection-rules/attachment-pdf-file-with-low-reputation-link-to-zip-file-unsolicited-d1ee2859 | |
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited) | Sublime Security | 3 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e | |
Attachment: QR code with credential phishing indicators | Sublime Security | 20 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender | Sublime Security | a month ago Apr 3rd, 2024 | /feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 4 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
Attachment soliciting user to enable macros | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-soliciting-user-to-enable-macros-e9d75515 | |
Attachment with auto-executing macro (unsolicited) | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3 | |
Attachment with auto-opening VBA macro (unsolicited) | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-auto-opening-vba-macro-unsolicited-d48b3e53 | |
Attachment with encrypted zip (unsolicited) | Sublime Security | 6 months ago Nov 25th, 2023 | /feeds/core/detection-rules/attachment-with-encrypted-zip-unsolicited-697c87ae | |
Attachment with high risk VBA macro (unsolicited) | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-high-risk-vba-macro-unsolicited-a2b20e16 | |
Attachment with suspicious author (unsolicited) | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-with-suspicious-author-unsolicited-40f518b9 | |
Attachment with unscannable encrypted zip (unsolicited) | Sublime Security | 6 months ago Nov 1st, 2023 | /feeds/core/detection-rules/attachment-with-unscannable-encrypted-zip-unsolicited-529d4a9a | |
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 3 months ago Feb 26th, 2024 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 4 months ago Jan 22nd, 2024 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f |