sublime-rules

Sublime rules for email attack detection, prevention, and threat hunting.

Results 226 sublime-rules issues

# Description adding `sad announcement` to suspicious subject and body checks # Associated samples Link to samples that are affected by your change. For example, samples you are negating, samples...

in-test-rules

# Description Detects calendar invites containing callback phishing language in the DESCRIPTION of the invite. # Associated samples - https://platform.sublime.security/messages/af2bb955ea5461f95785feabde04c55ff14f698751fba3c4bde904a19afa2fc5?preview_id=01962084-86af-7057-ad3a-d18d4c10830c - https://platform.sublime.security/messages/hunt?huntId=0196219d-810c-752f-96ff-ad27e96bd69a

in-test-rules

# Description adding condition to sender profile check to look for spoofed recipient addresses # Associated samples - https://platform.sublime.security/messages/a241be9f7c6d7c95570512203877f9cc982441adec1951691f53cb6b077b58db?preview_id=0195c922-29fb-746e-8306-4b20e684e735

in-test-rules

# Description adding check for fake stripe invoices in attachments # Associated samples - https://platform.sublime.security/messages/bb6b6e848b77940e895e0d2fe8cc3e4dfe15eb54daed668982625921c447c355?preview_id=0195b617-a916-7e5d-a5d6-b778f46b3a65

in-test-rules

# Description Detects messages from services that write the true sender to the reply-to field, where the sender has no prior legitimate message history and is newly registered. Indicative of...

in-test-rules

# Description Detects when a sender outside of Canva shares a single Canva link, where the sender has low historical sending volume. # Associated samples - https://platform.sublime.security/hunts/01961116-8dda-7642-bb03-c3f2ed39f80f

in-test-rules

# Description adding German language keywords to `subject.subject` regex # Associated samples - https://platform.sublime.security/messages/22624aa2704618f17d4ff2f5c61aeaec0e2ed4b4de5577c93b01b42699e94241?preview_id=019600d2-923d-78ef-903e-489e8b7c7cdb - https://platform.sublime.security/messages/d1f3a8bac30e33d101a65f2b2eebd1101907c8bdcfb8855b0df14ce80feb85f2?preview_id=019600d3-94b1-77b8-9511-44c1f5d0a244 - https://platform.sublime.security/messages/82093a7ca25396cbbea35f9cb0d97aa137205ebfdacc4fa61cc37a77ad057bcb?preview_id=01958fa3-7a3a-7f14-a520-d4b7b2fb5237

review-needed

# Description Message contains suspicious links and Microsoft impersonation from a sender common to your environment. Indicative of vendor compromise. # Associated samples - https://platform.sublime.security/messages/88497823a501feb43fb1de2a71417f7551b63a9436a28167d078e648a5737cc1?preview_id=019565e2-8c2a-713d-9351-eb68745fad30

in-test-rules
review-needed

# Description Add specific detection for fake VM notifications within attached PDFs # Associated samples - [Sample 1](https://platform.sublime.security/messages/6cfe348605296b82679262bf97283d54eb7f02fd288176ba969c2a28655b2005?preview_id=0195f0e9-05df-72a2-a180-86ba5055fc83)

in-test-rules