Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated May 16th, 2024

Feed Source

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d	Sublime Security	25 days ago Apr 25th, 2024	Credential Phishing Impersonation: Brand PDF Social engineering Header analysis Sender analysis URL analysis File analysis Computer Vision Whois	/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Brand impersonation: Microsoft fake sign-in alert	Sublime Security	25 days ago Apr 25th, 2024	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a
Brand impersonation: Silicon Valley Bank	Sublime Security	25 days ago Apr 25th, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis Whois	/feeds/core/detection-rules/brand-impersonation-silicon-valley-bank-a01f61d9
Callback Phishing: Branded invoice from sender/reply-to domain less than 30 days old	Sublime Security	25 days ago Apr 25th, 2024	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Header analysis Natural Language Understanding Optical Character Recognition Whois	/feeds/core/detection-rules/callback-phishing-branded-invoice-from-senderreply-to-domain-less-than-30-days-old-e6f4af53
Impersonation: Suspected supplier impersonation with suspicious content	Sublime Security	5 days ago May 15th, 2024	BEC/Fraud Evasion Free email provider Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois	/feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce
Link: Google Firebase Dynamic Link that Redirects to New Domain (<7 days old)	@ajpc500	25 days ago Apr 25th, 2024	Credential Phishing Malware/Ransomware Evasion URL analysis Whois	/feeds/core/detection-rules/link-google-firebase-dynamic-link-that-redirects-to-new-domain-less7-days-old-5a204a37
New link domain (<=10d) from untrusted sender	Sublime Security	25 days ago Apr 25th, 2024	Credential Phishing Malware/Ransomware Sender analysis URL analysis Whois	/feeds/core/detection-rules/new-link-domain-less10d-from-untrusted-sender-4805b0e6
New sender domain (<=10d) from untrusted sender	Sublime Security	25 days ago Apr 25th, 2024	Sender analysis Whois	/feeds/core/detection-rules/new-sender-domain-less10d-from-untrusted-sender-d87fa543
Spam: Fake photo share	Sublime Security	10 days ago May 10th, 2024	Spam Evasion Social engineering Content analysis Sender analysis URL analysis Whois	/feeds/core/detection-rules/spam-fake-photo-share-eb086f7d
Spam: New link domain (<=10d) and emojis	Sublime Security	25 days ago Apr 25th, 2024	Spam Free email provider Content analysis Sender analysis URL analysis Whois	/feeds/core/detection-rules/spam-new-link-domain-less10d-and-emojis-33677993
Suspicious newly registered reply-to domain with engaging financial or urgent language	Sublime Security	25 days ago Apr 25th, 2024	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois	/feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3
VIP impersonation: Fake thread with display name match, email mismatch	Sublime Security	11 days ago May 9th, 2024	BEC/Fraud Evasion Impersonation: VIP Social engineering Spoofing Content analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28

12 Rules