Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 23rd, 2025
Feed Source
Tactic or Technique is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Calendar invite with suspicious link leading to an open redirect | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-calendar-invite-with-suspicious-link-leading-to-an-open-redirect-5d6294c7 | |
Attachment: Link to Doubleclick.net Open Redirect | Sublime Security | 7mo ago Oct 24th, 2024 | /feeds/core/detection-rules/attachment-link-to-doubleclicknet-open-redirect-506c16cc | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 1y ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Constant Contact link infrastructure abuse | Sublime Security | 4mo ago Jan 11th, 2025 | /feeds/core/detection-rules/constant-contact-link-infrastructure-abuse-8c5e8e4c | |
Fake Zoho Sign template abuse | Sublime Security | 7mo ago Sep 30th, 2024 | /feeds/core/detection-rules/fake-zoho-sign-template-abuse-785fd0d5 | |
Google Accelerated Mobile Pages (AMP) abuse | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029 | |
Google Presentation Open Redirect Phishing | Sublime Security | 29d ago Apr 24th, 2025 | /feeds/core/detection-rules/google-presentation-open-redirect-phishing-5d01ee3a | |
Image as content with a link to an open redirect (unsolicited) | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/image-as-content-with-a-link-to-an-open-redirect-unsolicited-f5cec36b | |
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender | Sublime Security | 7mo ago Oct 10th, 2024 | /feeds/core/detection-rules/link-google-calendar-invite-linking-to-an-open-redirect-from-an-untrusted-freemail-sender-bb4f1ea9 | |
Link: Google Translate (unsolicited) | @ajpc500 | 2y ago Nov 14th, 2023 | /feeds/core/detection-rules/link-google-translate-unsolicited-6949e115 | |
Link: QR code in EML attachment with credential phishing indicators | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/link-qr-code-in-eml-attachment-with-credential-phishing-indicators-9908ed3a | |
Link: Referrer Anonymization Service From Untrusted Sender | Sublime Security | 2mo ago Mar 12th, 2025 | /feeds/core/detection-rules/link-referrer-anonymization-service-from-untrusted-sender-9fab2e1e | |
Link to Google Apps Script macro (unsolicited) | Sublime Security | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/link-to-google-apps-script-macro-unsolicited-d10146df | |
Low reputation link to auto-downloaded HTML file with smuggling indicators | Sublime Security | 1y ago May 9th, 2024 | /feeds/core/detection-rules/low-reputation-link-to-auto-downloaded-html-file-with-smuggling-indicators-339676c6 | |
Open Redirect: adnxs.com | Sublime Security | 25d ago Apr 28th, 2025 | /feeds/core/detection-rules/open-redirect-adnxscom-7fc92916 | |
Open Redirect: agena-smile.com | Sublime Security | 2mo ago Mar 18th, 2025 | /feeds/core/detection-rules/open-redirect-agena-smilecom-4a8ebce6 | |
Open Redirect: amaterasu-for-website-5.com | Sublime Security | 2mo ago Mar 18th, 2025 | /feeds/core/detection-rules/open-redirect-amaterasu-for-website-5com-d31f7cb8 | |
Open Redirect: api.spently.com | Sublime Security | 3mo ago Feb 6th, 2025 | /feeds/core/detection-rules/open-redirect-apispentlycom-69740e97 | |
Open redirect: Artisteer | Sublime Security | 8mo ago Sep 11th, 2024 | /feeds/core/detection-rules/open-redirect-artisteer-1f65eec3 | |
Open Redirect: artkaderne | Sublime Security | 9mo ago Aug 23rd, 2024 | /feeds/core/detection-rules/open-redirect-artkaderne-cc16a3f4 | |
Open Redirect: astroarts.co.jp | Sublime Security | 3mo ago Feb 6th, 2025 | /feeds/core/detection-rules/open-redirect-astroartscojp-6dd617af | |
Open redirect: Atdmt | @vector_sec | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/open-redirect-atdmt-fafbd230 | |
Open redirect: Avast | Sublime Security | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/open-redirect-avast-5f635658 | |
Open Redirect: bestdeals.today | Sublime Security | 9mo ago Aug 22nd, 2024 | /feeds/core/detection-rules/open-redirect-bestdealstoday-666de100 | |
Open Redirect: Bitrix24 URL Path | Sublime Security | 2mo ago Mar 18th, 2025 | /feeds/core/detection-rules/open-redirect-bitrix24-url-path-e3c85e59 | |
Open redirect: BMW USA | Sublime Security | 2y ago Aug 17th, 2023 | /feeds/core/detection-rules/open-redirect-bmw-usa-1bf4e69a | |
Open Redirect: bubblelife.com | Sublime Security | 3mo ago Feb 5th, 2025 | /feeds/core/detection-rules/open-redirect-bubblelifecom-53c9b893 | |
Open Redirect: buildingengines.com | Sublime Security | 2mo ago Mar 18th, 2025 | /feeds/core/detection-rules/open-redirect-buildingenginescom-93df711e | |
Open Redirect: business.google.com website_shared URL Param | Sublime Security | 25d ago Apr 28th, 2025 | /feeds/core/detection-rules/open-redirect-businessgooglecom-websiteshared-url-param-f146be73 | |
Open Redirect: Cartoon Network | Sublime Security | 2mo ago Mar 18th, 2025 | /feeds/core/detection-rules/open-redirect-cartoon-network-7435e057 | |
Open Redirect: chkc.com.hk | Sublime Security | 9mo ago Aug 22nd, 2024 | /feeds/core/detection-rules/open-redirect-chkccomhk-aa683479 | |
Open redirect: City of Calgary | Sublime Security | 8mo ago Sep 11th, 2024 | /feeds/core/detection-rules/open-redirect-city-of-calgary-00321858 | |
Open Redirect: Club-OS | Sublime Security | 7mo ago Oct 8th, 2024 | /feeds/core/detection-rules/open-redirect-club-os-c6286914 | |
Open Redirect: convertcart.com | Sublime Security | 2mo ago Feb 24th, 2025 | /feeds/core/detection-rules/open-redirect-convertcartcom-deab563d | |
Open redirect: Dell | Sublime Security | 7mo ago Oct 4th, 2024 | /feeds/core/detection-rules/open-redirect-dell-718c2b0f | |
Open Redirect: designsori.com | Sublime Security | 3mo ago Jan 28th, 2025 | /feeds/core/detection-rules/open-redirect-designsoricom-4c38ff47 | |
Open Redirect: documentmailbox.com | Sublime Security | 9mo ago Aug 22nd, 2024 | /feeds/core/detection-rules/open-redirect-documentmailboxcom-9b2e9179 | |
Open redirect: Doubleclick.net | Sublime Security | 10mo ago Jul 8th, 2024 | /feeds/core/detection-rules/open-redirect-doubleclicknet-9c620146 | |
Open Redirect: eaoko.org | Sublime Security | 2mo ago Mar 18th, 2025 | /feeds/core/detection-rules/open-redirect-eaokoorg-f8fd9912 | |
Open Redirect: easycamp.com | Sublime Security | 4mo ago Dec 31st, 2024 | /feeds/core/detection-rules/open-redirect-easycampcom-f05d377d | |
Open Redirect: embluemail.com | Sublime Security | 3mo ago Feb 6th, 2025 | /feeds/core/detection-rules/open-redirect-embluemailcom-48c5abd3 | |
Open Redirect: emlakarsa | Sublime Security | 8mo ago Sep 9th, 2024 | /feeds/core/detection-rules/open-redirect-emlakarsa-ce5d5b63 | |
Open Redirect: emp.eduyield.com | Sublime Security | 3mo ago Jan 27th, 2025 | /feeds/core/detection-rules/open-redirect-empeduyieldcom-860e1381 | |
Open Redirect: eodcnetworkdirect.com | Sublime Security | 8mo ago Sep 16th, 2024 | /feeds/core/detection-rules/open-redirect-eodcnetworkdirectcom-ef31283e | |
Open Redirect: events.csiro.au | Sublime Security | 8mo ago Sep 18th, 2024 | /feeds/core/detection-rules/open-redirect-eventscsiroau-836f9a98 | |
Open Redirect: ExacTag | Sublime Security | 9mo ago Aug 22nd, 2024 | /feeds/core/detection-rules/open-redirect-exactag-5e40ea99 | |
Open Redirect: fenc.com | Sublime Security | 7mo ago Oct 8th, 2024 | /feeds/core/detection-rules/open-redirect-fenccom-6ff1ab52 | |
Open Redirect: g7.fr | Sublime Security | 9mo ago Aug 22nd, 2024 | /feeds/core/detection-rules/open-redirect-g7fr-4a8dbc58 | |
Open redirect: giving.lluh.org | Sublime Security | 6mo ago Oct 30th, 2024 | /feeds/core/detection-rules/open-redirect-givinglluhorg-a2bf1099 | |
Open Redirect (go2.aspx) leading to Microsoft credential phishing | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/open-redirect-go2aspx-leading-to-microsoft-credential-phishing-51667096 |