Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Jun 18th, 2025
Feed Source
Tactic or Technique is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Any HTML file (unsolicited) | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-any-html-file-unsolicited-ef36763f | |
Attachment: Any HTML file (untrusted sender) | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-any-html-file-untrusted-sender-57a8f5c5 | |
Attachment: Any HTML file within archive (unsolicited) | Sublime Security | 2y ago Nov 14th, 2023 | /feeds/core/detection-rules/attachment-any-html-file-within-archive-unsolicited-6a67c02c | |
Attachment: Archive containing HTML file with file scheme link | Sublime Security | 1y ago Mar 7th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 | |
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment | @ajpc500 | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b | |
Attachment: EML containing a base64 encoded script | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: EML file contains HTML attachment with login portal indicators | Sublime Security | 2y ago Oct 19th, 2023 | /feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158 | |
Attachment: EML file with HTML attachment (unsolicited) | Sublime Security | 2mo ago Mar 28th, 2025 | /feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191 | |
Attachment: EML with Suspicious Indicators | Sublime Security | 17d ago Jun 2nd, 2025 | /feeds/core/detection-rules/attachment-eml-with-suspicious-indicators-deb5d08d | |
Attachment: Fake Slack installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML Attachment with Javascript location | @vector_sec | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295 | |
Attachment: HTML Attachment with Login Portal Indicators | @ajpc500 | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Attachment: HTML file contains exclusively Javascript | Sublime Security | 1y ago Feb 1st, 2024 | /feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168 | |
Attachment: HTML file with excessive 'const' declarations and abnormally long timeouts | Sublime Security | 4mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/attachment-html-file-with-excessive-const-declarations-and-abnormally-long-timeouts-66f8a07a | |
Attachment: HTML file with excessive padding and suspicious patterns | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e | |
Attachment: HTML file with reference to recipient and suspicious patterns | Sublime Security | 1y ago May 3rd, 2024 | /feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | 2y ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text | Sublime Security | 2y ago Sep 25th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 1y ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 9mo ago Aug 29th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with atob and high entropy via calendar invite | Sublime Security | 16d ago Jun 3rd, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-via-calendar-invite-94d84614 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: HTML smuggling with base64 encoded JavaScript function | Sublime Security | 2y ago Aug 27th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec | |
Attachment: HTML smuggling with concatenation obfuscation | @vector_sec | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346 | |
Attachment: HTML smuggling with decimal encoding | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4 | |
Attachment: HTML smuggling with embedded base64-encoded executable | Sublime Security | 1y ago Mar 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527 | |
Attachment: HTML smuggling with embedded base64-encoded ISO | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-iso-294ecd2d | |
Attachment: HTML smuggling with embedded base64 streamed file download | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2 | |
Attachment: HTML smuggling with eval and atob | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2 | |
Attachment: HTML smuggling with eval and atob via calendar invite | Sublime Security | 16d ago Jun 3rd, 2025 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-via-calendar-invite-597c2edd | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | 2y ago Sep 8th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns | Sublime Security | 9mo ago Aug 27th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d | |
Attachment: HTML smuggling with fromCharCode and other signals | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef | |
Attachment: HTML smuggling with hex strings | @ajpc500 | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-hex-strings-b4208ed6 | |
Attachment: HTML smuggling with high entropy and other signals | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288 | |
Attachment: HTML smuggling with raw array buffer | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-raw-array-buffer-a0d5c3dc | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: HTML smuggling with setTimeout | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32 | |
Attachment: HTML smuggling with unescape | Sublime Security | 2y ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: HTML With Emoji-to-Character Map | Sublime Security | 6mo ago Dec 2nd, 2024 | /feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086 | |
Attachment: HTML with obfuscation and recipient's email in JavaScript strings | Sublime Security | 2mo ago Apr 10th, 2025 | /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b | |
Attachment: Web Files With Suspicious Comments | Sublime Security | 1mo ago Apr 28th, 2025 | /feeds/core/detection-rules/attachment-web-files-with-suspicious-comments-93061d17 | |
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG | Sublime Security | 1y ago Feb 23rd, 2024 | /feeds/core/detection-rules/cve-2023-5631-roundcube-webmail-xss-via-crafted-svg-8405d61b | |
HTML smuggling containing recipient email address | Sublime Security | 2mo ago Apr 1st, 2025 | /feeds/core/detection-rules/html-smuggling-containing-recipient-email-address-af32ff2f | |
HTML smuggling with atob in message body | Sublime Security | 2y ago Aug 17th, 2023 | /feeds/core/detection-rules/html-smuggling-with-atob-in-message-body-0f86851f | |
Low reputation link to auto-downloaded HTML file with smuggling indicators | Sublime Security | 1y ago May 9th, 2024 | /feeds/core/detection-rules/low-reputation-link-to-auto-downloaded-html-file-with-smuggling-indicators-339676c6 |