Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 21st, 2025
Feed Source
Tactic or Technique is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: QR Code Link With Base64-Encoded Recipient Address | Sublime Security | 26d ago Feb 25th, 2025 | /feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a | |
Attachment: QR code with credential phishing indicators | Sublime Security | 5d ago Mar 18th, 2025 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: QR Code With Userinfo Portion | Sublime Security | 30d ago Feb 21st, 2025 | /feeds/core/detection-rules/attachment-qr-code-with-userinfo-portion-9d62cc5c | |
Attachment: SVG Files With Evasion Elements | Sublime Security | 30d ago Feb 21st, 2025 | /feeds/core/detection-rules/attachment-svg-files-with-evasion-elements-5d2dbb60 | |
Brand impersonation: Adobe (QR code) | Sublime Security | 27d ago Feb 24th, 2025 | /feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d | |
Brand impersonation: DocuSign (QR code) | Sublime Security | 9mo ago Jun 12th, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a | |
Brand Impersonation: DocuSign with embedded QR code | Sublime Security | 10mo ago May 2nd, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463 | |
Brand Impersonation: Google (QR Code) | Sublime Security | 11mo ago Apr 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-google-qr-code-7ffd184c | |
Brand impersonation: Microsoft (QR code) | Sublime Security | 7mo ago Aug 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a | |
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender | Sublime Security | 1mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213 | |
Link: QR code in EML attachment with credential phishing indicators | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/link-qr-code-in-eml-attachment-with-credential-phishing-indicators-9908ed3a | |
Link: QR code with phishing disposition in img or pdf | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6 | |
Link: QR Code with suspicious language (untrusted sender) | Sublime Security | 26d ago Feb 25th, 2025 | /feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c | |
Open redirect: typedrawers.com | Sublime Security | 3mo ago Nov 26th, 2024 | /feeds/core/detection-rules/open-redirect-typedrawerscom-158d9e95 | |
QR Code with suspicious indicators | Sublime Security | 1mo ago Feb 7th, 2025 | /feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f |