• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Feb 14th, 2025
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Adobe branded PDF file linking to a password-protected file from untrusted sender
Sublime Security
11mo ago
Feb 23rd, 2024
Malware/Ransomware
Encryption
Evasion
Impersonation: Brand
PDF
Archive analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
Attachment: Adobe image lure in body or attachment with suspicious link
Sublime Security
10d ago
Feb 7th, 2025
/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Attachment: Decoy PDF Author (Julie P.)
Sublime Security
4mo ago
Oct 2nd, 2024
/feeds/core/detection-rules/attachment-decoy-pdf-author-julie-p-4324213a
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: Dropbox image lure with no Dropbox domains in links
Sublime Security
1y ago
Jan 23rd, 2024
/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: Fake secure message and suspicious indicators
Sublime Security
5mo ago
Sep 16th, 2024
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Fake Slack installer
Sublime Security
2y ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer
Sublime Security
2y ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: HTML Smuggling Microsoft Sign In
Sublime Security
1y ago
Jan 31st, 2024
/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML With Emoji-to-Character Map
Sublime Security
2mo ago
Dec 2nd, 2024
/feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086
Attachment: Microsoft 365 Credential Phishing
Sublime Security
4mo ago
Oct 16th, 2024
/feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229
Attachment: Microsoft impersonation via PDF with link and suspicious language
Sublime Security
9mo ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: PDF file with Link to Fake Bitcoin Exchange
Sublime Security
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Attachment: RFP/RFQ impersonating government entities
Sublime Security
1y ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns
Sublime Security
1mo ago
Jan 16th, 2025
/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0
Brand impersonation: Adobe (QR code)
Sublime Security
2mo ago
Dec 2nd, 2024
/feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d
Brand impersonation: Adobe with suspicious language and link
Sublime Security
5mo ago
Sep 19th, 2024
/feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1
Brand impersonation: ADP
Sublime Security
1y ago
Jan 9th, 2024
/feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b
Brand impersonation: Amazon
Sublime Security
1mo ago
Jan 7th, 2025
/feeds/core/detection-rules/brand-impersonation-amazon-13fc967d
Brand impersonation: Amazon with suspicious attachment
Sublime Security
9mo ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Brand impersonation: American Express (AMEX)
Sublime Security
5mo ago
Sep 12th, 2024
/feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9
Brand impersonation: Apple
Sublime Security
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2
Brand impersonation: Aramco
Sublime Security
4mo ago
Oct 10th, 2024
/feeds/core/detection-rules/brand-impersonation-aramco-96e87699
Brand impersonation: Bank of America
Sublime Security
8mo ago
Jun 14th, 2024
/feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1
Brand impersonation: Barracuda Networks
Sublime Security
7mo ago
Jul 8th, 2024
/feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb
Brand impersonation: Binance
Sublime Security
9mo ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-binance-c3302a76
Brand impersonation: Blockchain[.]com
Sublime Security
9mo ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555
Brand Impersonation: Capital One
Sublime Security
6d ago
Feb 11th, 2025
/feeds/core/detection-rules/brand-impersonation-capital-one-d53848e4
Brand impersonation: Charles Schwab
Sublime Security
4d ago
Feb 13th, 2025
/feeds/core/detection-rules/brand-impersonation-charles-schwab-7abde595
Brand impersonation: Chase Bank
Sublime Security
7mo ago
Jul 9th, 2024
/feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7
Brand Impersonation: Chase bank with credential phishing indicators
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856
Brand impersonation: Coinbase
Sublime Security
9mo ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-coinbase-3dca757a
Brand Impersonation: Coinbase with suspicious links
Sublime Security
2y ago
Nov 18th, 2023
/feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e
Brand impersonation: Dashlane
Sublime Security
9mo ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-dashlane-9e400937
Brand impersonation: DHL
Sublime Security
10d ago
Feb 7th, 2025
/feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0
Brand impersonation: Digital Ocean
Sublime Security
11mo ago
Mar 4th, 2024
/feeds/core/detection-rules/brand-impersonation-digital-ocean-7f2f0e97
Brand Impersonation: DocSend
Sublime Security
5mo ago
Sep 11th, 2024
/feeds/core/detection-rules/brand-impersonation-docsend-cd9a3f7a
Brand impersonation: DocuSign
Sublime Security
1mo ago
Jan 10th, 2025