Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 21st, 2025
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Attachment: Calendar invite with suspicious link leading to an open redirect | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-calendar-invite-with-suspicious-link-leading-to-an-open-redirect-5d6294c7 | |
Attachment: EML file with IPFS links | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7 | |
Attachment: EML with link to credential phishing page | Sublime Security | 6mo ago Sep 13th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Fake scan-to-email | Sublime Security | 4mo ago Oct 28th, 2024 | /feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1 | |
Brand impersonation: Fake fax | Sublime Security | 1y ago Feb 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a | |
Brand impersonation: Microsoft quarantine release notification in image attachment | Sublime Security | 8mo ago Jun 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3 | |
Brand impersonation: Microsoft with low reputation links | Sublime Security | 3mo ago Dec 18th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6 | |
Credential phishing: Engaging language with IPFS link | Sublime Security | 10mo ago May 3rd, 2024 | /feeds/core/detection-rules/credential-phishing-engaging-language-with-ipfs-link-996c4d83 | |
Credential Phishing: Hyper-linked image leading to free file host | Sublime Security | 10mo ago May 2nd, 2024 | /feeds/core/detection-rules/credential-phishing-hyper-linked-image-leading-to-free-file-host-f5cb1eca | |
Fake scan-to-email message | Sublime Security | 9mo ago Jun 7th, 2024 | /feeds/core/detection-rules/fake-scan-to-email-message-78851fbe | |
Fake shipping notification with link to free file hosting | Sublime Security | 8mo ago Jul 10th, 2024 | /feeds/core/detection-rules/fake-shipping-notification-with-link-to-free-file-hosting-6d3fe05e | |
File sharing link from suspicious sender domain | Sublime Security | 2mo ago Jan 13th, 2025 | /feeds/core/detection-rules/file-sharing-link-from-suspicious-sender-domain-95f20354 | |
File sharing link with a suspicious subject | Sublime Security | 11mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/file-sharing-link-with-a-suspicious-subject-a306e2a6 | |
Google Drive abuse: Credential phishing link | Sublime Security | 7mo ago Jul 31st, 2024 | /feeds/core/detection-rules/google-drive-abuse-credential-phishing-link-c74aece0 | |
Google Drive direct download link from unsolicited sender | Sublime Security | 18d ago Mar 5th, 2025 | /feeds/core/detection-rules/google-drive-direct-download-link-from-unsolicited-sender-78a19343 | |
Google Share Notification with Suspicious Comments | Sublime Security | 4mo ago Nov 13th, 2024 | /feeds/core/detection-rules/google-share-notification-with-suspicious-comments-c69c9924 | |
Invoicera infrastructure abuse | Sublime Security | 1y ago Mar 7th, 2024 | /feeds/core/detection-rules/invoicera-infrastructure-abuse-1e56f310 | |
Link: Abused Adobe Express | Sublime Security | 3mo ago Dec 16th, 2024 | /feeds/core/detection-rules/link-abused-adobe-express-c7d17bfd | |
Link: Adobe Share from Unsolicited Sender | Sublime Security | 5mo ago Oct 24th, 2024 | /feeds/core/detection-rules/link-adobe-share-from-unsolicited-sender-8e29ab33 | |
Link: Adobe Share with Suspicious Indicators | Sublime Security | 3mo ago Dec 3rd, 2024 | /feeds/core/detection-rules/link-adobe-share-with-suspicious-indicators-b33cae80 | |
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender | Sublime Security | 5mo ago Oct 10th, 2024 | /feeds/core/detection-rules/link-google-calendar-invite-linking-to-an-open-redirect-from-an-untrusted-freemail-sender-bb4f1ea9 | |
Link: IPFS | Sublime Security | 5mo ago Oct 16th, 2024 | /feeds/core/detection-rules/link-ipfs-19fa6442 | |
Link: Jensi File Preview Link from Unsolicited Sender | Sublime Security | 5mo ago Oct 2nd, 2024 | /feeds/core/detection-rules/link-jensi-file-preview-link-from-unsolicited-sender-122b39f3 | |
Link: Multistage Landing - Abused Adobe frame.io | Sublime Security | 20d ago Mar 3rd, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-frameio-a6c457c5 | |
Link: Multistage Landing - Abused Docusign | Sublime Security | 2mo ago Jan 3rd, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-docusign-4189a645 | |
Link: Multistage Landing - Abused Google Drive | Sublime Security | 3mo ago Dec 3rd, 2024 | /feeds/core/detection-rules/link-multistage-landing-abused-google-drive-c86288b4 | |
Link: Secure SharePoint file share from new or unusual sender | Sublime Security | 20d ago Mar 3rd, 2025 | /feeds/core/detection-rules/link-secure-sharepoint-file-share-from-new-or-unusual-sender-74ed3020 | |
Link: Suspicious SharePoint Document Name | Sublime Security | 1mo ago Jan 24th, 2025 | /feeds/core/detection-rules/link-suspicious-sharepoint-document-name-f95fee6e | |
Link: Suspicious Sharepoint Folder Share | Sublime Security | 6mo ago Sep 23rd, 2024 | /feeds/core/detection-rules/link-suspicious-sharepoint-folder-share-6168a08c | |
Link: Webflow Link from Unsolicited Sender | Sublime Security | 6mo ago Sep 16th, 2024 | /feeds/core/detection-rules/link-webflow-link-from-unsolicited-sender-d4f3b8cf | |
Link: Zoho Form Link from Unsolicited Sender | Sublime Security | 4mo ago Nov 5th, 2024 | /feeds/core/detection-rules/link-zoho-form-link-from-unsolicited-sender-eb04a9f2 | |
Low reputation link to auto-downloaded HTML file with smuggling indicators | Sublime Security | 10mo ago May 9th, 2024 | /feeds/core/detection-rules/low-reputation-link-to-auto-downloaded-html-file-with-smuggling-indicators-339676c6 | |
Notion suspicious file share | Sublime Security | 2y ago Dec 15th, 2023 | /feeds/core/detection-rules/notion-suspicious-file-share-f7307929 | |
Service Abuse: DocSend Share From an Unsolicited Reply-To Address | Sublime Security | 3mo ago Dec 18th, 2024 | /feeds/core/detection-rules/service-abuse-docsend-share-from-an-unsolicited-reply-to-address-b377e64c | |
Service Abuse: DocSend Share From Newly Registered Domain | Sublime Security | 3mo ago Dec 18th, 2024 | /feeds/core/detection-rules/service-abuse-docsend-share-from-newly-registered-domain-3bc152f2 | |
Service Abuse: DocuSign Share From an Unsolicited Reply-To Address | Sublime Security | 3mo ago Dec 18th, 2024 | /feeds/core/detection-rules/service-abuse-docusign-share-from-an-unsolicited-reply-to-address-2f12d616 | |
Service Abuse: Google Drive Share From an Unsolicited Reply-To Address | Sublime Security | 2mo ago Jan 2nd, 2025 | /feeds/core/detection-rules/service-abuse-google-drive-share-from-an-unsolicited-reply-to-address-4581ec0c | |
Service Abuse: Google Drive Share From New Reply-To Domain | Sublime Security | 2mo ago Jan 9th, 2025 | /feeds/core/detection-rules/service-abuse-google-drive-share-from-new-reply-to-domain-c1a2d367 | |
Spam: Campaign with excessive space/char obfuscation and free file hosted link | Sublime Security | 2y ago Nov 18th, 2023 | /feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca | |
Spoofable internal domain with suspicious signals | Sublime Security | 10mo ago May 3rd, 2024 | /feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69 | |
Suspicious DocuSign Share From New Domain | Sublime Security | 2mo ago Jan 2nd, 2025 | /feeds/core/detection-rules/suspicious-docusign-share-from-new-domain-d430a1f3 | |
Suspicious SharePoint File Sharing | Sublime Security | 3mo ago Dec 18th, 2024 | /feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c |