Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: ICS calendar with embedded file from internal sender with SPF failure | Sublime Security | 1mo ago Oct 22nd, 2025 | /feeds/core/detection-rules/attachment-ics-calendar-with-embedded-file-from-internal-sender-with-spf-failure-d9ce9db8 | |
Body: Embedded email headers indicative of thread hijacking/abuse | Sublime Security | 4d ago Dec 1st, 2025 | /feeds/core/detection-rules/body-embedded-email-headers-indicative-of-thread-hijackingabuse-6e8eeebb | |
Brand impersonation: DocuSign | Sublime Security | 6mo ago May 21st, 2025 | /feeds/core/detection-rules/brand-impersonation-docusign-4d29235c | |
Brand impersonation: Navan | Sublime Security | 2mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/brand-impersonation-navan-3573e9a8 | |
Brand impersonation: Survey request with credential theft indicators | Sublime Security | 27d ago Nov 8th, 2025 | /feeds/core/detection-rules/brand-impersonation-survey-request-with-credential-theft-indicators-ea1c0e09 | |
Brand spoof: Dropbox | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-spoof-dropbox-bd99740a | |
Business Email Compromise (BEC) attempt from unsolicited sender | Sublime Security | 4mo ago Jul 16th, 2025 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-unsolicited-sender-57eccc45 | |
Cyrillic vowel substitution in subject or display name from unknown sender | Sublime Security | 4mo ago Jul 16th, 2025 | /feeds/core/detection-rules/cyrillic-vowel-substitution-in-subject-or-display-name-from-unknown-sender-74bc0b0c | |
DocuSign impersonation via spoofed Intuit sender | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/docusign-impersonation-via-spoofed-intuit-sender-d437710b | |
Extortion / sextortion in attachment from untrusted sender | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/extortion-sextortion-in-attachment-from-untrusted-sender-3cb8d32c | |
Extortion / sextortion (untrusted sender) | Sublime Security | 1mo ago Oct 31st, 2025 | /feeds/core/detection-rules/extortion-sextortion-untrusted-sender-265913eb | |
Headers: Outlook Express mailer | Sublime Security | 29d ago Nov 6th, 2025 | /feeds/core/detection-rules/headers-outlook-express-mailer-b7a698de | |
Headers: System account impersonation with empty sender address | Sublime Security | 2mo ago Oct 1st, 2025 | /feeds/core/detection-rules/headers-system-account-impersonation-with-empty-sender-address-887f7953 | |
Impersonation: SharePoint reply header anomaly | Sublime Security | 4mo ago Aug 5th, 2025 | /feeds/core/detection-rules/impersonation-sharepoint-reply-header-anomaly-78875848 | |
Service Abuse: Nifty.com with impersonation | Sublime Security | 30d ago Nov 5th, 2025 | /feeds/core/detection-rules/service-abuse-niftycom-with-impersonation-370cfdac | |
SPF temp error | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/spf-temp-error-2df7e839 | |
Spoofable internal domain with suspicious signals | Sublime Security | 4mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69 | |
Vendor impersonation: Thread hijacking with typosquat domain | Sublime Security | 1mo ago Nov 4th, 2025 | /feeds/core/detection-rules/vendor-impersonation-thread-hijacking-with-typosquat-domain-9c2f38ed | |
VIP impersonation: Fake thread with display name match, email mismatch | Sublime Security | 1y ago Jul 29th, 2024 | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 23d ago Nov 12th, 2025 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
VIP local_part impersonation from unsolicited sender | Sublime Security | 3mo ago Aug 12th, 2025 | /feeds/core/detection-rules/vip-localpart-impersonation-from-unsolicited-sender-74035fdc |