Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated May 15th, 2024
Rule Name & Severity | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD | Sublime Security | 3 months ago Feb 23rd, 2024 | /feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373 | |
Attachment: Archive containing HTML file with file scheme link | Sublime Security | 2 months ago Mar 7th, 2024 | /feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | a month ago Apr 2nd, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: Callback Phishing solicitation via pdf file | Sublime Security | 10 hours ago May 15th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097 | |
Attachment: Callback Phishing solicitation via text file with a large unknown recipient list | Sublime Security | a month ago Apr 8th, 2024 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-file-with-a-large-unknown-recipient-list-ca39c83a | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 20 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: Dropbox image lure with no Dropbox domains in links | Sublime Security | 4 months ago Jan 23rd, 2024 | /feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d | |
Attachment: EML containing a base64 encoded script | Sublime Security | 3 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: EML with link to credential phishing page | Sublime Security | 9 days ago May 6th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Fake attachment image lure | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285 | |
Attachment: Fake scan-to-email | Sublime Security | a day ago May 14th, 2024 | /feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1 | |
Attachment: Fake secure message and suspicious indicators | Sublime Security | 13 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94 | |
Attachment: Fake Slack installer | Sublime Security | 6 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 6 months ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML Smuggling Microsoft Sign In | Sublime Security | 4 months ago Jan 31st, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Attachment: HTML smuggling with embedded base64 streamed file download | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2 | |
Attachment: Microsoft 365 Credential Phishing | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229 | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 13 days ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: Office file contains OLE relationship to credential phishing page | Sublime Security | 20 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0 | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited) | Sublime Security | 3 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e | |
Attachment: QR code with credential phishing indicators | Sublime Security | 20 days ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Attachment: RFC822 containing suspicious file sharing language with links from untrusted sender | Sublime Security | a month ago Apr 3rd, 2024 | /feeds/core/detection-rules/attachment-rfc822-containing-suspicious-file-sharing-language-with-links-from-untrusted-sender-d96854d7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 4 months ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
Attachment: Small text file with link containing recipient email address | Sublime Security | a day ago May 14th, 2024 | /feeds/core/detection-rules/attachment-small-text-file-with-link-containing-recipient-email-address-c0472c9d | |
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 3 months ago Feb 26th, 2024 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 4 months ago Jan 22nd, 2024 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f | |
BEC/Fraud: Romance Scam | Sublime Security | 6 months ago Nov 23rd, 2023 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC with unusual Reply-to or Return-path mismatch | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 21 days ago Apr 24th, 2024 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand impersonation: ADP | Sublime Security | 4 months ago Jan 9th, 2024 | /feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b | |
Brand impersonation: Amazon | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-13fc967d | |
Brand impersonation: Amazon with suspicious attachment | Sublime Security | 12 days ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9 | |
Brand impersonation: American Express (AMEX) | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9 | |
Brand impersonation: Apple | Sublime Security | 9 months ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2 | |
Brand impersonation: Aramco | Sublime Security | 12 days ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand impersonation: Bank of America | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1 | |
Brand impersonation: Barracuda Networks | Sublime Security | 5 months ago Dec 6th, 2023 | /feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb | |
Brand impersonation: Binance | Sublime Security | 12 days ago May 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-binance-c3302a76 | |
Brand impersonation: Blockchain[.]com | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555 | |
Brand impersonation: Chase Bank | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7 | |
Brand Impersonation: Chase bank with credential phishing indicators | Sublime Security | 20 days ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856 | |
Brand impersonation: Coinbase | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-coinbase-3dca757a | |
Brand impersonation: Dashlane | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-dashlane-9e400937 | |
Brand impersonation: DHL | Sublime Security | a day ago May 14th, 2024 | /feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0 | |
Brand impersonation: Digital Ocean | Sublime Security | 2 months ago Mar 4th, 2024 | /feeds/core/detection-rules/brand-impersonation-digital-ocean-7f2f0e97 | |
Brand impersonation: DocuSign | Sublime Security | 22 days ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-4d29235c | |
Brand impersonation: DocuSign image attachment lure with no DocuSign links | Sublime Security | 2 months ago Mar 26th, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-image-attachment-lure-with-no-docusign-links-814a5694 | |
Brand impersonation: DocuSign (QR code) | Sublime Security | 5 months ago Dec 23rd, 2023 | /feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a |