• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Feb 14th, 2025
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD
Sublime Security
3mo ago
Nov 5th, 2024
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373
Attachment: Archive containing HTML file with file scheme link
Sublime Security
11mo ago
Mar 7th, 2024
/feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9
Attachment: Callback Phishing solicitation via image file
@vector_sec
3mo ago
Nov 4th, 2024
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: Callback Phishing solicitation via pdf file
Sublime Security
1mo ago
Dec 19th, 2024
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Callback Phishing solicitation via text-based file with a large unknown recipient list
Sublime Security
6mo ago
Jul 26th, 2024
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-with-a-large-unknown-recipient-list-ca39c83a
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d
Sublime Security
9mo ago
Apr 25th, 2024
/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: Dropbox image lure with no Dropbox domains in links
Sublime Security
1y ago
Jan 23rd, 2024
/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: EML containing a base64 encoded script
Sublime Security
1y ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445
Attachment: EML with link to credential phishing page
Sublime Security
5mo ago
Sep 13th, 2024
/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: EML with Suspicious Indicators
Sublime Security
2mo ago
Nov 19th, 2024
/feeds/core/detection-rules/attachment-eml-with-suspicious-indicators-deb5d08d
Attachment: Encrypted PDF With Credential Theft Body
Sublime Security
4mo ago
Oct 10th, 2024
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Fake attachment image lure
Sublime Security
7mo ago
Jul 19th, 2024
/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake scan-to-email
Sublime Security
3mo ago
Oct 28th, 2024
/feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1
Attachment: Fake secure message and suspicious indicators
Sublime Security
5mo ago
Sep 16th, 2024
/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Fake Slack installer
Sublime Security
2y ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer
Sublime Security
2y ago
Nov 29th, 2023
/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: HTML Smuggling Microsoft Sign In
Sublime Security
1y ago
Jan 31st, 2024
/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML smuggling with embedded base64 streamed file download
Sublime Security
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns
Sublime Security
5mo ago
Aug 27th, 2024
/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d
Attachment: HTML With Emoji-to-Character Map
Sublime Security
2mo ago
Dec 2nd, 2024
/feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086
Attachment: Link to Doubleclick.net Open Redirect
Sublime Security
3mo ago
Oct 24th, 2024
/feeds/core/detection-rules/attachment-link-to-doubleclicknet-open-redirect-506c16cc
Attachment: Microsoft 365 Credential Phishing
Sublime Security
4mo ago
Oct 16th, 2024
/feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229
Attachment: Microsoft impersonation via PDF with link and suspicious language
Sublime Security
9mo ago
May 2nd, 2024
/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: Office file contains OLE relationship to credential phishing page
Sublime Security
2mo ago
Dec 18th, 2024
/feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0
Attachment: PDF file with Link to Fake Bitcoin Exchange
Sublime Security
2y ago
Aug 21st, 2023
/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited)
Sublime Security
1y ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e
Attachment: QR code with credential phishing indicators
Sublime Security
6mo ago
Jul 29th, 2024
/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender
Sublime Security
10mo ago
Apr 3rd, 2024
/feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7
Attachment: RFP/RFQ impersonating government entities
Sublime Security
1y ago
Jan 30th, 2024
/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
Attachment: Small text file with link containing recipient email address
Sublime Security
3mo ago
Oct 23rd, 2024
/feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d
Attachment with VBA macros from employee impersonation (unsolicited)
Sublime Security
11mo ago
Feb 26th, 2024
/feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123
BEC: Employee impersonation with subject manipulation
Sublime Security
1y ago
Jan 22nd, 2024
/feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients
Sublime Security
9mo ago
Apr 23rd, 2024
/feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f
BEC/Fraud: Romance Scam
Sublime Security
2y ago
Nov 23rd, 2023
/feeds/core/detection-rules/becfraud-romance-scam-0243cdaa
BEC/Fraud - Student loan callback phishing
Sublime Security
4mo ago
Oct 4th, 2024