Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Feb 14th, 2025
Feed Source
Tactic or Technique is
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Adobe branded PDF file linking to a password-protected file from untrusted sender | Sublime Security | 11mo ago Feb 23rd, 2024 | /feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469 | |
Attachment: Adobe image lure in body or attachment with suspicious link | Sublime Security | 10d ago Feb 7th, 2025 | /feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81 | |
Attachment: Decoy PDF Author (Julie P.) | Sublime Security | 4mo ago Oct 2nd, 2024 | /feeds/core/detection-rules/attachment-decoy-pdf-author-julie-p-4324213a | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 9mo ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: Dropbox image lure with no Dropbox domains in links | Sublime Security | 1y ago Jan 23rd, 2024 | /feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d | |
Attachment: Fake secure message and suspicious indicators | Sublime Security | 5mo ago Sep 16th, 2024 | /feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94 | |
Attachment: Fake Slack installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 1y ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML With Emoji-to-Character Map | Sublime Security | 2mo ago Dec 2nd, 2024 | /feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086 | |
Attachment: Microsoft 365 Credential Phishing | Sublime Security | 4mo ago Oct 16th, 2024 | /feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229 | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 9mo ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns | Sublime Security | 1mo ago Jan 16th, 2025 | /feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0 | |
Brand impersonation: Adobe (QR code) | Sublime Security | 2mo ago Dec 2nd, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 5mo ago Sep 19th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand impersonation: ADP | Sublime Security | 1y ago Jan 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b | |
Brand impersonation: Amazon | Sublime Security | 1mo ago Jan 7th, 2025 | /feeds/core/detection-rules/brand-impersonation-amazon-13fc967d | |
Brand impersonation: Amazon with suspicious attachment | Sublime Security | 9mo ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9 | |
Brand impersonation: American Express (AMEX) | Sublime Security | 5mo ago Sep 12th, 2024 | /feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9 | |
Brand impersonation: Apple | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2 | |
Brand impersonation: Aramco | Sublime Security | 4mo ago Oct 10th, 2024 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand impersonation: Bank of America | Sublime Security | 8mo ago Jun 14th, 2024 | /feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1 | |
Brand impersonation: Barracuda Networks | Sublime Security | 7mo ago Jul 8th, 2024 | /feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb | |
Brand impersonation: Binance | Sublime Security | 9mo ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-binance-c3302a76 | |
Brand impersonation: Blockchain[.]com | Sublime Security | 9mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555 | |
Brand Impersonation: Capital One | Sublime Security | 6d ago Feb 11th, 2025 | /feeds/core/detection-rules/brand-impersonation-capital-one-d53848e4 | |
Brand impersonation: Charles Schwab | Sublime Security | 4d ago Feb 13th, 2025 | /feeds/core/detection-rules/brand-impersonation-charles-schwab-7abde595 | |
Brand impersonation: Chase Bank | Sublime Security | 7mo ago Jul 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7 | |
Brand Impersonation: Chase bank with credential phishing indicators | Sublime Security | 9mo ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856 | |
Brand impersonation: Coinbase | Sublime Security | 9mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-coinbase-3dca757a | |
Brand Impersonation: Coinbase with suspicious links | Sublime Security | 2y ago Nov 18th, 2023 | /feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e | |
Brand impersonation: Dashlane | Sublime Security | 9mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-dashlane-9e400937 | |
Brand impersonation: DHL | Sublime Security | 10d ago Feb 7th, 2025 | /feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0 | |
Brand impersonation: Digital Ocean | Sublime Security | 11mo ago Mar 4th, 2024 | /feeds/core/detection-rules/brand-impersonation-digital-ocean-7f2f0e97 | |
Brand Impersonation: DocSend | Sublime Security | 5mo ago Sep 11th, 2024 | /feeds/core/detection-rules/brand-impersonation-docsend-cd9a3f7a | |
Brand impersonation: DocuSign | Sublime Security | 1mo ago Jan 10th, 2025 |