Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Apr 28th, 2025
Rule Name & Severity | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Attachment: OLE external relationship containing file scheme link to executable filetype | Sublime Security | 12d ago Apr 17th, 2025 | /feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-executable-filetype-33bf6fd4 | |
Attachment: OLE external relationship containing file scheme link to IP address | Sublime Security | 1y ago Apr 12th, 2024 | /feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-ip-address-3aab998c | |
Attachment: PDF with link to DMG file download | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-link-to-dmg-file-download-2c486fe0 | |
Attachment: PDF with link to zip containing a wsf file | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-link-to-zip-containing-a-wsf-file-93bc7db4 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
Attachment: Suspicious Employee Policy Update Document Lure | Sublime Security | 29d ago Mar 31st, 2025 | /feeds/core/detection-rules/attachment-suspicious-employee-policy-update-document-lure-a8bf1fd1 | |
Attachment: SVG file execution | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-svg-file-execution-084b0cde | |
Attachment: Web Files With Suspicious Comments | Sublime Security | 1d ago Apr 28th, 2025 | /feeds/core/detection-rules/attachment-web-files-with-suspicious-comments-93061d17 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 1y ago Jan 22nd, 2024 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f | |
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail | Sublime Security | 1y ago Jan 8th, 2024 | /feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151 | |
BEC/Fraud: Romance Scam | Sublime Security | 2y ago Nov 23rd, 2023 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC/Fraud: Scam Lure with freemail pivot | Sublime Security | 10mo ago Jun 3rd, 2024 | /feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f | |
BEC/Fraud - Student loan callback phishing | Sublime Security | 6mo ago Oct 4th, 2024 | /feeds/core/detection-rules/becfraud-student-loan-callback-phishing-a71f82c3 | |
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns | Sublime Security | 1mo ago Mar 10th, 2025 | /feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0 | |
BEC with unusual Reply-to or Return-path mismatch | Sublime Security | 8mo ago Aug 27th, 2024 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Benefits Enrollment Impersonation | Sublime Security | 2mo ago Jan 30th, 2025 | /feeds/core/detection-rules/benefits-enrollment-impersonation-5a6eb5a8 | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 7mo ago Sep 19th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand Impersonation: AliExpress | Sublime Security | 1d ago Apr 28th, 2025 | /feeds/core/detection-rules/brand-impersonation-aliexpress-b14703d8 | |
Brand impersonation: Aramco | Sublime Security | 6mo ago Oct 10th, 2024 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand impersonation: Binance | Sublime Security | 2mo ago Feb 24th, 2025 | /feeds/core/detection-rules/brand-impersonation-binance-c3302a76 | |
Brand Impersonation: Coinbase with suspicious links | Sublime Security | 2y ago Nov 18th, 2023 | /feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e | |
Brand impersonation: DocuSign branded attachment lure with no DocuSign links | Sublime Security | 1d ago Apr 28th, 2025 | /feeds/core/detection-rules/brand-impersonation-docusign-branded-attachment-lure-with-no-docusign-links-814a5694 | |
Brand Impersonation: DocuSign with embedded QR code | Sublime Security | 12mo ago May 2nd, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463 | |
Brand impersonation: Dropbox | Sublime Security | 5mo ago Nov 13th, 2024 | /feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12 | |
Brand impersonation: Enbridge | Sublime Security | 3mo ago Jan 24th, 2025 | /feeds/core/detection-rules/brand-impersonation-enbridge-203a6a28 | |
Brand Impersonation: Fake DocuSign HTML table not linking to DocuSign domains | Sublime Security | 2mo ago Feb 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-fake-docusign-html-table-not-linking-to-docusign-domains-28923dde | |
Brand Impersonation: Fake Fax | Sublime Security | 4d ago Apr 25th, 2025 | /feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a | |
Brand impersonation: Google Drive fake file share | Sublime Security | 1mo ago Mar 21st, 2025 | /feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941 | |
Brand impersonation: Google using Microsoft Forms | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-google-using-microsoft-forms-1daac608 | |
Brand impersonation: Gusto | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-gusto-54025c1c | |
Brand impersonation: Interac | Sublime Security | 7mo ago Sep 16th, 2024 | /feeds/core/detection-rules/brand-impersonation-interac-50a883dc | |
Brand Impersonation: Internal Revenue Service | Sublime Security | 22d ago Apr 7th, 2025 | /feeds/core/detection-rules/brand-impersonation-internal-revenue-service-3c63f8e9 | |
Brand impersonation: Microsoft | @amitchell516 | 3mo ago Jan 11th, 2025 | /feeds/core/detection-rules/brand-impersonation-microsoft-6e2f04e6 | |
Brand impersonation: Microsoft fake sign-in alert | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a | |
Brand impersonation: Microsoft logo in HTML with fake quarantine release notification | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-in-html-with-fake-quarantine-release-notification-f12c615c | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 1y ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Brand Impersonation: Microsoft Planner With Suspicious Link | Sublime Security | 6mo ago Oct 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08 | |
Brand impersonation: Microsoft quarantine release notification in body | Sublime Security | 10mo ago Jun 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-body-6d19527c | |
Brand impersonation: Microsoft quarantine release notification in image attachment | Sublime Security | 10mo ago Jun 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3 | |
Brand impersonation: Microsoft Teams | Sublime Security | 4mo ago Dec 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-teams-9cd53055 | |
Brand impersonation: Microsoft with low reputation links | Sublime Security | 19d ago Apr 10th, 2025 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6 | |
Brand Impersonation: Navan | Sublime Security | 25d ago Apr 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-navan-3573e9a8 | |
Brand impersonation: Norton | Sublime Security | 6mo ago Oct 8th, 2024 | /feeds/core/detection-rules/brand-impersonation-norton-32bd9efd | |
Brand impersonation: Okta | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-okta-b7a2989a | |
Brand Impersonation: PayPal | Sublime Security | 19d ago Apr 10th, 2025 | /feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee | |
Brand impersonation: PNC | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-pnc-1b5ae4fb | |
Brand impersonation: Quickbooks | Sublime Security | 28d ago Apr 1st, 2025 | /feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1 | |
Brand Impersonation: QuickBooks Notification From Intuit Themed Company Name | Sublime Security | 1mo ago Mar 3rd, 2025 | /feeds/core/detection-rules/brand-impersonation-quickbooks-notification-from-intuit-themed-company-name-42058fc4 | |
Brand Impersonation: SendGrid | Sublime Security | 14d ago Apr 15th, 2025 | /feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f | |