Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 15th, 2024
Rule Name & Severity | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Attachment: Adobe image lure with suspicious link | Sublime Security | 12 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-adobe-image-lure-with-suspicious-link-1d7add81 | |
Attachment: Calendar invite with suspicious link leading to an open redirect | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-calendar-invite-with-suspicious-link-leading-to-an-open-redirect-5d6294c7 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | a month ago Apr 2nd, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: EML file with IPFS links | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7 | |
Attachment: EML with link to credential phishing page | Sublime Security | 8 days ago May 6th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Fake Slack installer | Sublime Security | 5 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 5 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | 8 months ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 3 months ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 21 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: Office document loads remote document template | Sublime Security | 3 months ago Feb 12th, 2024 | /feeds/core/detection-rules/attachment-office-document-loads-remote-document-template-d9601104 | |
Attachment: Office Document with VSTO Add-in | @vector_sec | 4 months ago Jan 11th, 2024 | /feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730 | |
Attachment: Office file contains OLE relationship to credential phishing page | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0 | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: PDF file with low reputation link to ZIP file (unsolicited) | Michael Tingle | 11 days ago May 3rd, 2024 | /feeds/core/detection-rules/attachment-pdf-file-with-low-reputation-link-to-zip-file-unsolicited-d1ee2859 | |
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited) | Sublime Security | 3 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e | |
Attachment: PDF with link to DMG file download | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-link-to-dmg-file-download-2c486fe0 | |
Attachment: PDF with link to zip containing a wsf file | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-link-to-zip-containing-a-wsf-file-93bc7db4 | |
Attachment: PDF with suspicious language and redirect to suspicious file type | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-suspicious-language-and-redirect-to-suspicious-file-type-adda3c3f | |
Attachment: QR code with credential phishing indicators | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: Small text file with link containing recipient email address | Sublime Security | 10 hours ago May 14th, 2024 | /feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d | |
Brand Impersonation: Chase bank with credential phishing indicators | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856 | |
Brand Impersonation: Coinbase with suspicious links | Sublime Security | 6 months ago Nov 18th, 2023 | /feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e | |
Brand impersonation: DocuSign | Sublime Security | 21 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-4d29235c | |
Brand Impersonation: Fake DocuSign HTML table not linking to DocuSign domains | Sublime Security | 7 days ago May 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-fake-docusign-html-table-not-linking-to-docusign-domains-28923dde | |
Brand impersonation: Fake fax | Sublime Security | 3 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a | |
Brand impersonation: Google fake sign-in warning | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-google-fake-sign-in-warning-2d998eee | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 2 months ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Brand impersonation: Microsoft with low reputation links | Sublime Security | 5 days ago May 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6 | |
Brand impersonation: Sharepoint fake file share | Sublime Security | 21 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b | |
Callback Phishing via DocuSign comment | Sublime Security | a day ago May 13th, 2024 | /feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918 | |
Commonly abused sender TLD with engaging language | Sublime Security | 11 days ago May 3rd, 2024 | /feeds/core/detection-rules/commonly-abused-sender-tld-with-engaging-language-447386dc | |
Credential phishing content and link (untrusted sender) | Sublime Security | 5 days ago May 9th, 2024 | /feeds/core/detection-rules/credential-phishing-content-and-link-untrusted-sender-f0c95bb7 | |
Credential phishing: Engaging language and other indicators (untrusted sender) | Sublime Security | 12 days ago May 2nd, 2024 | /feeds/core/detection-rules/credential-phishing-engaging-language-and-other-indicators-untrusted-sender-c2bc8ca2 | |
Credential phishing: Engaging language with IPFS link | Sublime Security | 11 days ago May 3rd, 2024 | /feeds/core/detection-rules/credential-phishing-engaging-language-with-ipfs-link-996c4d83 | |
Credential Phishing: Hyper-linked image leading to free file host | Sublime Security | 13 days ago May 2nd, 2024 | /feeds/core/detection-rules/credential-phishing-hyper-linked-image-leading-to-free-file-host-f5cb1eca | |
Credential phishing language and suspicious indicators (unknown sender) | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/credential-phishing-language-and-suspicious-indicators-unknown-sender-89c186f7 | |
Credential phishing link (unknown sender) | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/credential-phishing-link-unknown-sender-a278012b | |
Credential Phishing: Suspicious language, link, recipients and other indicators | Sublime Security | 3 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/credential-phishing-suspicious-language-link-recipients-and-other-indicators-dcb39190 | |
Fake message thread with a suspicious link and engaging language from an unknown sender | Sublime Security | 21 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/fake-message-thread-with-a-suspicious-link-and-engaging-language-from-an-unknown-sender-8fd0e211 | |
Fake scan-to-email message | Sublime Security | 3 months ago Feb 7th, 2024 | /feeds/core/detection-rules/fake-scan-to-email-message-78851fbe | |
Fake voicemail notification (untrusted sender) | Sublime Security | 11 days ago May 3rd, 2024 | /feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787 | |
File sharing link from suspicious sender domain | Sublime Security | 5 months ago Dec 15th, 2023 | /feeds/core/detection-rules/file-sharing-link-from-suspicious-sender-domain-95f20354 | |
File sharing link with a suspicious subject | Sublime Security | 21 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/file-sharing-link-with-a-suspicious-subject-a306e2a6 | |
Free subdomain link with credential theft indicators | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/free-subdomain-link-with-credential-theft-indicators-9187479c | |
Google Accelerated Mobile Pages (AMP) abuse | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029 | |
Google Drive abuse: Credential phishing link | Sublime Security | 19 days ago Apr 25th, 2024 | /feeds/core/detection-rules/google-drive-abuse-credential-phishing-link-c74aece0 |