• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Sep 13th, 2024
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD
Sublime Security
3 months ago
Jun 3rd, 2024
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373
Attachment: Archive containing HTML file with file scheme link
Sublime Security
6 months ago
Mar 7th, 2024
/feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9
Attachment: Callback Phishing solicitation via image file
@vector_sec
3 months ago
Jun 12th, 2024
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: Callback Phishing solicitation via pdf file
Sublime Security
2 months ago
Jul 29th, 2024
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Callback Phishing solicitation via text-based file with a large unknown recipient list
Sublime Security
2 months ago
Jul 26th, 2024
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-with-a-large-unknown-recipient-list-ca39c83a
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: Dropbox image lure with no Dropbox domains in links
Sublime Security
8 months ago
Jan 23rd, 2024
/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: EML containing a base64 encoded script
Sublime Security
8 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445
Attachment: EML with link to credential phishing page
Sublime Security
2 days ago
Sep 13th, 2024
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Encrypted PDF With Credential Theft Body
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Fake attachment image lure
Sublime Security
2 months ago
Jul 19th, 2024
/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake scan-to-email
Sublime Security
4 months ago
May 14th, 2024
/feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1
Attachment: Fake secure message and suspicious indicators
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Fake Slack installer
Sublime Security
10 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer
Sublime Security
10 months ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: HTML Smuggling Microsoft Sign In
Sublime Security
8 months ago
Jan 31st, 2024
/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML smuggling with embedded base64 streamed file download
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d
Attachment: Microsoft 365 Credential Phishing
Sublime Security
a month ago
Aug 7th, 2024
/feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229
Attachment: Microsoft impersonation via PDF with link and suspicious language
Sublime Security
4 months ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: Office file contains OLE relationship to credential phishing page
Sublime Security
5 months ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0
Attachment: PDF file with Link to Fake Bitcoin Exchange
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited)
Sublime Security
8 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e
Attachment: QR code with credential phishing indicators
Sublime Security
2 months ago
Jul 29th, 2024
/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender
Sublime Security
5 months ago
Apr 3rd, 2024
/feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7
Attachment: RFP/RFQ impersonating government entities
Sublime Security
8 months ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
Attachment: Small text file with link containing recipient email address
Sublime Security
4 months ago
May 14th, 2024
/feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d
Attachment with VBA macros from employee impersonation (unsolicited)
Sublime Security
7 months ago
Feb 26th, 2024
/feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123
BEC: Employee impersonation with subject manipulation
Sublime Security
8 months ago
Jan 22nd, 2024
/feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f
BEC/Fraud: Romance Scam
Sublime Security
10 months ago
Nov 23rd, 2023
/feeds/core/detection-rules/becfraud-romance-scam-0243cdaa
BEC with unusual Reply-to or Return-path mismatch
Sublime Security
19 days ago
Aug 27th, 2024
/feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df
Brand impersonation: Adobe with suspicious language and link
Sublime Security
2 months ago
Jul 18th, 2024
/feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1
Brand impersonation: ADP
Sublime Security
8 months ago
Jan 9th, 2024
/feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b
Brand impersonation: Amazon
Sublime Security
a month ago
Aug 19th, 2024
/feeds/core/detection-rules/brand-impersonation-amazon-13fc967d
Brand impersonation: Amazon with suspicious attachment
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Brand impersonation: American Express (AMEX)
Sublime Security
3 days ago
Sep 12th, 2024
/feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9
Brand impersonation: Apple
Sublime Security
a year ago
Aug 21st, 2023
/feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2
Brand impersonation: Aramco
Sublime Security
3 months ago
Jun 20th, 2024
/feeds/core/detection-rules/brand-impersonation-aramco-96e87699
Brand impersonation: Bank of America
Sublime Security
3 months ago
Jun 14th, 2024
/feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1
Brand impersonation: Barracuda Networks
Sublime Security
2 months ago
Jul 8th, 2024
/feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb
Brand impersonation: Binance
Sublime Security
4 months ago
May 3rd, 2024
/feeds/core/detection-rules/brand-impersonation-binance-c3302a76
Brand impersonation: Blockchain[.]com
Sublime Security
5 months ago
Apr 23rd, 2024
/feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555
Brand impersonation: Chase Bank
Sublime Security
2 months ago
Jul 9th, 2024
/feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7
Brand Impersonation: Chase bank with credential phishing indicators
Sublime Security
5 months ago
Apr 25th, 2024