Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 21st, 2025
Rule Name & Severity | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Attachment: Calendar invite with suspicious link leading to an open redirect | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-calendar-invite-with-suspicious-link-leading-to-an-open-redirect-5d6294c7 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | 11d ago Mar 12th, 2025 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: Callback Phishing solicitation via pdf file | Sublime Security | 25d ago Feb 26th, 2025 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097 | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail | Sublime Security | 1y ago Jan 8th, 2024 | /feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151 | |
BEC/Fraud: Romance Scam | Sublime Security | 2y ago Nov 23rd, 2023 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC/Fraud: Scam Lure with freemail pivot | Sublime Security | 9mo ago Jun 3rd, 2024 | /feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f | |
BEC/Fraud - Student loan callback phishing | Sublime Security | 5mo ago Oct 4th, 2024 | /feeds/core/detection-rules/becfraud-student-loan-callback-phishing-a71f82c3 | |
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns | Sublime Security | 13d ago Mar 10th, 2025 | /feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0 | |
BEC with unusual Reply-to or Return-path mismatch | Sublime Security | 6mo ago Aug 27th, 2024 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Brand impersonation: Hulu | Sublime Security | 1mo ago Feb 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-hulu-6833de58 | |
Brand impersonation: KnowBe4 | Sublime Security | 3mo ago Nov 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-knowbe4-7c798386 | |
Brand impersonation: Norton | Sublime Security | 5mo ago Oct 8th, 2024 | /feeds/core/detection-rules/brand-impersonation-norton-32bd9efd | |
Brand Impersonation: SiriusXM | Sublime Security | 2mo ago Jan 9th, 2025 | /feeds/core/detection-rules/brand-impersonation-siriusxm-70eb3792 | |
Business Email Compromise (BEC) attempt with masked recipients and reply-to mismatch (unsolicited) | Sublime Security | 1y ago Feb 23rd, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-with-masked-recipients-and-reply-to-mismatch-unsolicited-682191bf | |
Callback Phishing: Social Security Administration Fraud | Sublime Security | 27d ago Feb 24th, 2025 | /feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52 | |
Callback Phishing solicitation in message body | Sublime Security | 25d ago Feb 26th, 2025 | /feeds/core/detection-rules/callback-phishing-solicitation-in-message-body-10a3a446 | |
Callback phishing via Google Group abuse | Sublime Security | 11mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/callback-phishing-via-google-group-abuse-199d873b | |
Callback phishing via Intuit service abuse | Sublime Security | 6d ago Mar 17th, 2025 | /feeds/core/detection-rules/callback-phishing-via-intuit-service-abuse-f2fe1294 | |
Callback phishing via Zoho service abuse | Sublime Security | 2mo ago Jan 10th, 2025 | /feeds/core/detection-rules/callback-phishing-via-zoho-service-abuse-61e351ec | |
ClickFunnels link infrastructure abuse | Sublime Security | 5mo ago Oct 8th, 2024 | /feeds/core/detection-rules/clickfunnels-link-infrastructure-abuse-9192fbe9 | |
Constant Contact link infrastructure abuse | Sublime Security | 2mo ago Jan 11th, 2025 | /feeds/core/detection-rules/constant-contact-link-infrastructure-abuse-8c5e8e4c | |
COVID-19 themed fraud with sender and reply-to mismatch or compensation award | Sublime Security | 19d ago Mar 4th, 2025 | /feeds/core/detection-rules/covid-19-themed-fraud-with-sender-and-reply-to-mismatch-or-compensation-award-a16480ef | |
Credential phishing: Engaging language and other indicators (untrusted sender) | Sublime Security | 3d ago Mar 20th, 2025 | /feeds/core/detection-rules/credential-phishing-engaging-language-and-other-indicators-untrusted-sender-c2bc8ca2 | |
Credential phishing language and suspicious indicators (unknown sender) | Sublime Security | 27d ago Feb 24th, 2025 | /feeds/core/detection-rules/credential-phishing-language-and-suspicious-indicators-unknown-sender-89c186f7 | |
Domain Impersonation: Freemail ReplyTo_Local Lookalike with Financial Request | Sublime Security | 10mo ago May 3rd, 2024 | /feeds/core/detection-rules/domain-impersonation-freemail-replytolocal-lookalike-with-financial-request-43026a40 | |
Employee Impersonation: Payroll Fraud | Sublime Security | 3mo ago Dec 16th, 2024 | /feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85 | |
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender | Sublime Security | 1mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213 | |
Fake Message Thread - Untrusted Sender with a Mismatched Freemail Reply-To Address | Sublime Security | 2mo ago Jan 9th, 2025 | /feeds/core/detection-rules/fake-message-thread-untrusted-sender-with-a-mismatched-freemail-reply-to-address-ca64e819 | |
Google Services Using G.co Shortlinks | Sublime Security | 1mo ago Jan 29th, 2025 | /feeds/core/detection-rules/google-services-using-gco-shortlinks-09ff8a73 | |
Honorific greeting BEC attempt with sender and reply-to mismatch | Sublime Security | 6mo ago Aug 27th, 2024 | /feeds/core/detection-rules/honorific-greeting-bec-attempt-with-sender-and-reply-to-mismatch-aa41b1b7 | |
Impersonation: Chrome Web Store Policy | Sublime Security | 5d ago Mar 18th, 2025 | /feeds/core/detection-rules/impersonation-chrome-web-store-policy-4a98f283 | |
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 1mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender | Sublime Security | 5mo ago Oct 10th, 2024 | /feeds/core/detection-rules/link-google-calendar-invite-linking-to-an-open-redirect-from-an-untrusted-freemail-sender-bb4f1ea9 | |
Link: Invoice or receipt from freemail sender with customer service number | @vector_sec | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d | |
Link: Multistage Landing - Abused Google Drive | Sublime Security | 3mo ago Dec 3rd, 2024 | /feeds/core/detection-rules/link-multistage-landing-abused-google-drive-c86288b4 | |
Mass campaign: Cross Site Scripting (XSS) attempt | Sublime Security | 12mo ago Mar 27th, 2024 | /feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124 | |
Message Traversed Multiple onmicrosoft.com Tenants | Sublime Security | 3mo ago Dec 18th, 2024 | /feeds/core/detection-rules/message-traversed-multiple-onmicrosoftcom-tenants-9cf01c0d | |
PenPal Scam | Sublime Security | 11mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/penpal-scam-a4bdfa17 | |
Request for Quote or Purchase (RFQ\|RFP) with suspicious sender or recipient pattern | Sublime Security | 11d ago Mar 12th, 2025 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329 | |
Scam: Piano Giveaway | Sublime Security | 1mo ago Feb 20th, 2025 | /feeds/core/detection-rules/scam-piano-giveaway-1a91a203 | |
Service Abuse: Google Drive Share From an Unsolicited Reply-To Address | Sublime Security | 2mo ago Jan 2nd, 2025 | /feeds/core/detection-rules/service-abuse-google-drive-share-from-an-unsolicited-reply-to-address-4581ec0c | |
Service Abuse: Google Drive Share From New Reply-To Domain | Sublime Security | 2mo ago Jan 9th, 2025 | /feeds/core/detection-rules/service-abuse-google-drive-share-from-new-reply-to-domain-c1a2d367 | |
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com) | Sublime Security | 2mo ago Jan 10th, 2025 | /feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce | |
Spam: New link domain (<=10d) and emojis | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/spam-new-link-domain-less10d-and-emojis-33677993 | |
Spam: Sexually Explicit Google Group Invitation | Sublime Security | 2mo ago Jan 16th, 2025 | /feeds/core/detection-rules/spam-sexually-explicit-google-group-invitation-4e0bec29 | |
Spam: Sexually Explicit Looker Studio Report | Sublime Security | 2mo ago Jan 16th, 2025 | /feeds/core/detection-rules/spam-sexually-explicit-looker-studio-report-f1e649cd | |
Spam: Unsolicited malformed PDF | Sublime Security | 10mo ago May 23rd, 2024 | /feeds/core/detection-rules/spam-unsolicited-malformed-pdf-f0c50031 | |
Spam: URL shortener with short body content and emojis | Sublime Security | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c | |
Suspicious mailer received from Gmail servers | Sublime Security | 5mo ago Oct 8th, 2024 | /feeds/core/detection-rules/suspicious-mailer-received-from-gmail-servers-f05f04ee |