Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | |
---|---|---|---|---|
Spoofable internal domain with suspicious signals | 17h ago Jul 23rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69 | |
Vendor Compromise: GovDelivery Message With Suspicious Link | 17h ago Jul 23rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172 | |
Brand Impersonation: Coinbase with suspicious links | 17h ago Jul 23rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e | |
Link: Multistage Landing - Abused Docusign | 17h ago Jul 23rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/link-multistage-landing-abused-docusign-4189a645 | |
Low reputation link to auto-downloaded HTML file with smuggling indicators | 17h ago Jul 23rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/low-reputation-link-to-auto-downloaded-html-file-with-smuggling-indicators-339676c6 | |
Link: Abused Adobe Express | 17h ago Jul 23rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/link-abused-adobe-express-c7d17bfd | |
Attachment: Calendar invite with suspicious link leading to an open redirect | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-calendar-invite-with-suspicious-link-leading-to-an-open-redirect-5d6294c7 | |
Link: IPFS | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/link-ipfs-19fa6442 | |
Link: Jensi File Preview Link from Unsolicited Sender | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/link-jensi-file-preview-link-from-unsolicited-sender-122b39f3 | |
Attachment: PDF with credential theft language and link to a free subdomain (unsolicited) | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-pdf-with-credential-theft-language-and-link-to-a-free-subdomain-unsolicited-90f4ef4e | |
Attachment: HTML Smuggling Microsoft Sign In | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Spam: Link to blob.core.windows.net from new domain (<30d) | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/spam-link-to-blobcorewindowsnet-from-new-domain-less30d-a09b3800 | |
Free subdomain link with login or captcha (untrusted sender) | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/free-subdomain-link-with-login-or-captcha-untrusted-sender-93288f82 | |
Link: Free Subdomain host with undisclosed recipients | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/link-free-subdomain-host-with-undisclosed-recipients-c23d979d | |
Attachment: EML with link to credential phishing page | 8d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Brand Impersonation: Fake Fax | 13d ago Jul 11th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a | |
Deceptive Dropbox Mention | 28d ago Jun 26th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/deceptive-dropbox-mention-58a107bc | |
Zoom Events Newsletter Abuse | 1mo ago Jun 23rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/zoom-events-newsletter-abuse-c8fce846 | |
Link: Webflow Link from Unsolicited Sender | 1mo ago Jun 13th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/link-webflow-link-from-unsolicited-sender-d4f3b8cf | |
Credential phishing: Onedrive impersonation | 1mo ago Jun 4th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/credential-phishing-onedrive-impersonation-1f990c92 |