Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 14th, 2024
Rule Name | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Adobe branded PDF file linking to a password-protected file from untrusted sender | Sublime Security | Feb 23rd, 2024 | /feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469 | |
Attachment: Any HTML file within archive (unsolicited) | Sublime Security | Nov 14th, 2023 | /feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c | |
Attachment: Archive containing disallowed file type | Sublime Security | Jan 30th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-disallowed-file-type-3859e3e7 | |
Attachment: Archive containing HTML file with file scheme link | Sublime Security | Mar 7th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 | |
Attachment: Archive with embedded CHM file | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-archive-with-embedded-chm-file-5280e94d | |
Attachment: Archive with embedded EXE file | Sublime Security | Feb 27th, 2024 | /feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86 | |
Attachment: Archive with pdf, txt and wsf files | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-archive-with-pdf-txt-and-wsf-files-16b2e239 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | Apr 2nd, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: Callback Phishing solicitation via pdf file | Sublime Security | May 8th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097 | |
Attachment: Callback Phishing solicitation via text file with a large unknown recipient list | Sublime Security | Apr 8th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-file-with-a-large-unknown-recipient-list-ca39c83a | |
Attachment: .csproj with suspicious commands | Sublime Security | Aug 17th, 2023 | /feeds/core/detection-rules/attachment-csproj-with-suspicious-commands-fe45b81d | |
Attachment: DocX embedded Binary | Sublime Security | Mar 26th, 2024 | /feeds/core/detection-rules/attachment-docx-embedded-binary-feff0241 | |
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment | @ajpc500 | Oct 4th, 2023 | /feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b | |
Attachment: Embedded VBScript in MHT file (unsolicited) | Sublime Security | Oct 4th, 2023 | /feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6 | |
Attachment: EML containing a base64 encoded script | Sublime Security | Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: EML file contains HTML attachment with login portal indicators | Sublime Security | Oct 19th, 2023 | /feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158 | |
Attachment: EML file with HTML attachment (unsolicited) | Sublime Security | Nov 14th, 2023 | /feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191 | |
Attachment: EML file with IPFS links | Sublime Security | Apr 25th, 2024 | /feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7 | |
Attachment: EML with link to credential phishing page | Sublime Security | May 6th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Emotet heavily padded doc in zip file | Sublime Security | Oct 4th, 2023 | /feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed | |
Attachment: Excel Web Query File (IQY) | @jkcoote | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-excel-web-query-file-iqy-510412b5 | |
Attachment: Fake attachment image lure | Sublime Security | Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285 | |
Attachment: Fake Slack installer | Sublime Security | Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: File execution via Javascript | Sublime Security | Dec 19th, 2023 | /feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1 | |
Attachment: Filename Containing Unicode Right-to-Left Override Character | @vector_sec | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-filename-containing-unicode-right-to-left-override-character-357c57a1 | |
Attachment: HTML Attachment with Javascript location | @vector_sec | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295 | |
Attachment: HTML file contains exclusively Javascript | Sublime Security | Feb 1st, 2024 | /feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168 | |
Attachment: HTML file with excessive padding and suspicious patterns | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text | Sublime Security | Sep 25th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d | |
Attachment: HTML smuggling with concatenation obfuscation | @vector_sec | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346 | |
Attachment: HTML smuggling with decimal encoding | Sublime Security | Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4 | |
Attachment: HTML smuggling with embedded base64-encoded executable | Sublime Security | Mar 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527 | |
Attachment: HTML smuggling with embedded base64-encoded ISO | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d | |
Attachment: HTML smuggling with eval and atob | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2 | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | Sep 8th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with fromCharCode and other signals | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef | |
Attachment: HTML smuggling with hex strings | @ajpc500 | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6 | |
Attachment: HTML smuggling with high entropy and other signals | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288 | |
Attachment: HTML smuggling with raw array buffer | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: HTML smuggling with setTimeout | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32 | |
Attachment: HTML smuggling with unescape | Sublime Security | Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: ICS with embedded document | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-ics-with-embedded-document-8f9957d9 | |
Attachment: JavaScript file with suspicious base64-encoded executable | Sublime Security | Apr 1st, 2024 | /feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3 | |
Attachment: Link file with UNC path | Sublime Security | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-link-file-with-unc-path-3b7ee0fb | |
Attachment: MSI Installer file | @ajpc500 | Aug 21st, 2023 | /feeds/core/detection-rules/attachment-msi-installer-file-ae17b1a9 | |
Attachment: Office file contains OLE relationship to credential phishing page | Sublime Security | Apr 25th, 2024 | /feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0 |