Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 15th, 2024
Feed Source
Tactic or Technique is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Archive contains DLL-loading macro | Sublime Security | 5 months ago Dec 28th, 2023 | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f | |
Attachment: .csproj with suspicious commands | Sublime Security | 9 months ago Aug 17th, 2023 | /feeds/core/detection-rules/attachment-csproj-with-suspicious-commands-fe45b81d | |
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f | |
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment | @ajpc500 | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b | |
Attachment: Embedded Javascript in SVG file (unsolicited) | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-unsolicited-f70293bc | |
Attachment: Embedded VBScript in MHT file (unsolicited) | Sublime Security | 7 months ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6 | |
Attachment: EML containing a base64 encoded script | Sublime Security | 3 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: Encrypted Microsoft Office file (unsolicited) | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953 | |
Attachment: Fake Slack installer | Sublime Security | 6 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 6 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: File execution via Javascript | Sublime Security | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1 | |
Attachment: HTML Attachment with Javascript location | @vector_sec | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295 | |
Attachment: HTML Attachment with Login Portal Indicators | @ajpc500 | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Attachment: HTML file contains exclusively Javascript | Sublime Security | 3 months ago Feb 1st, 2024 | /feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168 | |
Attachment: HTML file with reference to recipient and suspicious patterns | Sublime Security | 12 days ago May 3rd, 2024 | /feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | 8 months ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text | Sublime Security | 8 months ago Sep 25th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: HTML smuggling with base64 encoded JavaScript function | Sublime Security | 9 months ago Aug 27th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec | |
Attachment: HTML smuggling with concatenation obfuscation | @vector_sec | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346 | |
Attachment: HTML smuggling with decimal encoding | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4 | |
Attachment: HTML smuggling with embedded base64 streamed file download | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2 | |
Attachment: HTML smuggling with eval and atob | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2 | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | 8 months ago Sep 8th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with fromCharCode and other signals | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef | |
Attachment: HTML smuggling with high entropy and other signals | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288 | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: HTML smuggling with setTimeout | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32 | |
Attachment: HTML smuggling with unescape | Sublime Security | 8 months ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: HTML with obfuscation and recipient's email in JavaScript strings | Sublime Security | 3 months ago Feb 7th, 2024 | /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b | |
Attachment: JavaScript file with suspicious base64-encoded executable | Sublime Security | a month ago Apr 1st, 2024 | /feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3 | |
Attachment: LNK with embedded content | @ajpc500 | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a | |
Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation | @ajpc500 | 5 months ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0 | |
Attachment: Malicious OneNote Commands | @Kyle_Parrish_ | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 13 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: Office Document with VSTO Add-in | @vector_sec | 4 months ago Jan 11th, 2024 | /feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730 | |
Attachment: Office file with suspicious function calls or downloaded file path | Sublime Security | 3 months ago Feb 9th, 2024 | /feeds/core/detection-rules/attachment-office-file-with-suspicious-function-calls-or-downloaded-file-path-4c78b969 | |
Attachment: PDF with embedded Javascript | Sublime Security | 5 months ago Nov 30th, 2023 | /feeds/core/detection-rules/attachment-pdf-with-embedded-javascript-d4cde94f | |
Attachment: PowerPoint with suspicious hyperlink | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1 | |
Attachment: PowerShell Content | @ajpc500 | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-powershell-content-c12566db | |
Attachment: SFX archive containing commands | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-sfx-archive-containing-commands-343e6c8c | |
Attachment: SVG file execution | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-svg-file-execution-084b0cde | |
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG | Sublime Security | 3 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/cve-2023-5631-roundcube-webmail-xss-via-crafted-svg-8405d61b | |
HTML smuggling containing recipient email address | Sublime Security | 12 days ago May 3rd, 2024 | /feeds/core/detection-rules/html-smuggling-containing-recipient-email-address-af32ff2f | |
Mass campaign: Cross Site Scripting (XSS) attempt | Sublime Security | 2 months ago Mar 27th, 2024 | /feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124 |
47 Rules