Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Feb 14th, 2025
Rule Name & Severity | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD | Sublime Security | 3mo ago Nov 5th, 2024 | /feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373 | |
Attachment: Archive containing HTML file with file scheme link | Sublime Security | 11mo ago Mar 7th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | 3mo ago Nov 4th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: Callback Phishing solicitation via pdf file | Sublime Security | 1mo ago Dec 19th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097 | |
Attachment: Callback Phishing solicitation via text-based file with a large unknown recipient list | Sublime Security | 6mo ago Jul 26th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-with-a-large-unknown-recipient-list-ca39c83a | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 9mo ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: Dropbox image lure with no Dropbox domains in links | Sublime Security | 1y ago Jan 23rd, 2024 | /feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d | |
Attachment: EML containing a base64 encoded script | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: EML with link to credential phishing page | Sublime Security | 5mo ago Sep 13th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: EML with Suspicious Indicators | Sublime Security | 2mo ago Nov 19th, 2024 | /feeds/core/detection-rules/attachment-eml-with-suspicious-indicators-deb5d08d | |
Attachment: Encrypted PDF With Credential Theft Body | Sublime Security | 4mo ago Oct 10th, 2024 | /feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a | |
Attachment: Fake attachment image lure | Sublime Security | 7mo ago Jul 19th, 2024 | /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285 | |
Attachment: Fake scan-to-email | Sublime Security | 3mo ago Oct 28th, 2024 | /feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1 | |
Attachment: Fake secure message and suspicious indicators | Sublime Security | 5mo ago Sep 16th, 2024 | /feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94 | |
Attachment: Fake Slack installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 1y ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling with embedded base64 streamed file download | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2 | |
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns | Sublime Security | 5mo ago Aug 27th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d | |
Attachment: HTML With Emoji-to-Character Map | Sublime Security | 2mo ago Dec 2nd, 2024 | /feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086 | |
Attachment: Link to Doubleclick.net Open Redirect | Sublime Security | 3mo ago Oct 24th, 2024 | /feeds/core/detection-rules/attachment-link-to-doubleclicknet-open-redirect-506c16cc | |
Attachment: Microsoft 365 Credential Phishing | Sublime Security | 4mo ago Oct 16th, 2024 | /feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229 | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 9mo ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: Office file contains OLE relationship to credential phishing page | Sublime Security | 2mo ago Dec 18th, 2024 | /feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0 | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited) | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e | |
Attachment: QR code with credential phishing indicators | Sublime Security | 6mo ago Jul 29th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender | Sublime Security | 10mo ago Apr 3rd, 2024 | /feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
Attachment: Small text file with link containing recipient email address | Sublime Security | 3mo ago Oct 23rd, 2024 | /feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d | |
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 11mo ago Feb 26th, 2024 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 1y ago Jan 22nd, 2024 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 9mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f | |
BEC/Fraud: Romance Scam | Sublime Security | 2y ago Nov 23rd, 2023 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC/Fraud - Student loan callback phishing | Sublime Security | 4mo ago Oct 4th, 2024 |