Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Sep 13th, 2024
Rule Name & Severity | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD | Sublime Security | 3 months ago Jun 3rd, 2024 | /feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373 | |
Attachment: Archive containing HTML file with file scheme link | Sublime Security | 6 months ago Mar 7th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | 3 months ago Jun 12th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: Callback Phishing solicitation via pdf file | Sublime Security | 2 months ago Jul 29th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097 | |
Attachment: Callback Phishing solicitation via text-based file with a large unknown recipient list | Sublime Security | 2 months ago Jul 26th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-with-a-large-unknown-recipient-list-ca39c83a | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: Dropbox image lure with no Dropbox domains in links | Sublime Security | 8 months ago Jan 23rd, 2024 | /feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d | |
Attachment: EML containing a base64 encoded script | Sublime Security | 8 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: EML with link to credential phishing page | Sublime Security | 2 days ago Sep 13th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Encrypted PDF With Credential Theft Body | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a | |
Attachment: Fake attachment image lure | Sublime Security | 2 months ago Jul 19th, 2024 | /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285 | |
Attachment: Fake scan-to-email | Sublime Security | 4 months ago May 14th, 2024 | /feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1 | |
Attachment: Fake secure message and suspicious indicators | Sublime Security | 4 months ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94 | |
Attachment: Fake Slack installer | Sublime Security | 10 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 10 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 8 months ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling with embedded base64 streamed file download | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2 | |
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d | |
Attachment: Microsoft 365 Credential Phishing | Sublime Security | a month ago Aug 7th, 2024 | /feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229 | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 4 months ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: Office file contains OLE relationship to credential phishing page | Sublime Security | 5 months ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0 | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited) | Sublime Security | 8 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e | |
Attachment: QR code with credential phishing indicators | Sublime Security | 2 months ago Jul 29th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender | Sublime Security | 5 months ago Apr 3rd, 2024 | /feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 8 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
Attachment: Small text file with link containing recipient email address | Sublime Security | 4 months ago May 14th, 2024 | /feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d | |
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 7 months ago Feb 26th, 2024 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 8 months ago Jan 22nd, 2024 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f | |
BEC/Fraud: Romance Scam | Sublime Security | 10 months ago Nov 23rd, 2023 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC with unusual Reply-to or Return-path mismatch | Sublime Security | 19 days ago Aug 27th, 2024 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 2 months ago Jul 18th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand impersonation: ADP | Sublime Security | 8 months ago Jan 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b | |
Brand impersonation: Amazon | Sublime Security | a month ago Aug 19th, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-13fc967d | |
Brand impersonation: Amazon with suspicious attachment | Sublime Security | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9 | |
Brand impersonation: American Express (AMEX) | Sublime Security | 3 days ago Sep 12th, 2024 | /feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9 | |
Brand impersonation: Apple | Sublime Security | a year ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2 | |
Brand impersonation: Aramco | Sublime Security | 3 months ago Jun 20th, 2024 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand impersonation: Bank of America | Sublime Security | 3 months ago Jun 14th, 2024 | /feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1 | |
Brand impersonation: Barracuda Networks | Sublime Security | 2 months ago Jul 8th, 2024 | /feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb | |
Brand impersonation: Binance | Sublime Security | 4 months ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-binance-c3302a76 | |
Brand impersonation: Blockchain[.]com | Sublime Security | 5 months ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555 | |
Brand impersonation: Chase Bank | Sublime Security | 2 months ago Jul 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7 | |
Brand Impersonation: Chase bank with credential phishing indicators | Sublime Security | 5 months ago Apr 25th, 2024 |