Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Sep 13th, 2024
Feed Source
Detection Method is
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Attachment: Adobe image lure in body or attachment with suspicious link | Sublime Security | a month ago Aug 7th, 2024 | /feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81 | |
Attachment: Calendar invite with suspicious link leading to an open redirect | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-calendar-invite-with-suspicious-link-leading-to-an-open-redirect-5d6294c7 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | 3 months ago Jun 12th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: EML file with IPFS links | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7 | |
Attachment: EML with link to credential phishing page | Sublime Security | 2 days ago Sep 13th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Fake Slack installer | Sublime Security | 10 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 10 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | a year ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 8 months ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 17 days ago Aug 29th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: Office document loads remote document template | Sublime Security | 7 months ago Feb 12th, 2024 | /feeds/core/detection-rules/attachment-office-document-loads-remote-document-template-d9601104 | |
Attachment: Office Document with VSTO Add-in | @vector_sec | 8 months ago Jan 11th, 2024 | /feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730 | |
Attachment: Office file contains OLE relationship to credential phishing page | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0 | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: PDF file with low reputation link to ZIP file (unsolicited) | Michael Tingle | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/attachment-pdf-file-with-low-reputation-link-to-zip-file-unsolicited-d1ee2859 | |
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited) | Sublime Security | 8 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e | |
Attachment: PDF with link to DMG file download | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-link-to-dmg-file-download-2c486fe0 | |
Attachment: PDF with link to zip containing a wsf file | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-link-to-zip-containing-a-wsf-file-93bc7db4 | |
Attachment: PDF with suspicious language and redirect to suspicious file type | Sublime Security | 4 months ago May 22nd, 2024 | /feeds/core/detection-rules/attachment-pdf-with-suspicious-language-and-redirect-to-suspicious-file-type-adda3c3f | |
Attachment: QR code with credential phishing indicators | Sublime Security | 2 months ago Jul 29th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: RTF file with suspicious link | Sublime Security | a month ago Aug 2nd, 2024 | /feeds/core/detection-rules/attachment-rtf-file-with-suspicious-link-c848f9aa | |
Attachment: Small text file with link containing recipient email address | Sublime Security | 4 months ago May 14th, 2024 | /feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d | |
Brand Impersonation: Chase bank with credential phishing indicators | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856 | |
Brand Impersonation: Coinbase with suspicious links | Sublime Security | 10 months ago Nov 18th, 2023 | /feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e | |
Brand impersonation: DocuSign | Sublime Security | 10 days ago Sep 5th, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-4d29235c | |
Brand Impersonation: Fake DocuSign HTML table not linking to DocuSign domains | Sublime Security | 4 months ago May 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-fake-docusign-html-table-not-linking-to-docusign-domains-28923dde | |
Brand impersonation: Fake fax | Sublime Security | 7 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a | |
Brand impersonation: Google fake sign-in warning | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-google-fake-sign-in-warning-2d998eee | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 6 months ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Brand Impersonation: Microsoft Planner With Suspicious Link | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08 | |
Brand impersonation: Microsoft with low reputation links | Sublime Security | a month ago Aug 2nd, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6 | |
Brand impersonation: Sharepoint fake file share | Sublime Security | 10 days ago Sep 5th, 2024 | /feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b | |
Brand Impersonation: Stripe Notification | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-stripe-notification-3ffd2b03 | |
Callback Phishing via DocuSign comment | Sublime Security | 2 months ago Jul 26th, 2024 | /feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918 | |
Commonly abused sender TLD with engaging language | Sublime Security | a month ago Aug 16th, 2024 | /feeds/core/detection-rules/commonly-abused-sender-tld-with-engaging-language-447386dc | |
Credential phishing content and link (untrusted sender) | Sublime Security | 2 months ago Jul 29th, 2024 | /feeds/core/detection-rules/credential-phishing-content-and-link-untrusted-sender-f0c95bb7 | |
Credential phishing: Engaging language and other indicators (untrusted sender) | Sublime Security | 2 days ago Sep 13th, 2024 | /feeds/core/detection-rules/credential-phishing-engaging-language-and-other-indicators-untrusted-sender-c2bc8ca2 | |
Credential phishing: Engaging language with IPFS link | Sublime Security | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/credential-phishing-engaging-language-with-ipfs-link-996c4d83 | |
Credential Phishing: Hyper-linked image leading to free file host | Sublime Security | 4 months ago May 2nd, 2024 | /feeds/core/detection-rules/credential-phishing-hyper-linked-image-leading-to-free-file-host-f5cb1eca | |
Credential phishing language and suspicious indicators (unknown sender) | Sublime Security | 2 months ago Jul 29th, 2024 |