Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 2nd, 2026

Feed Source

GitHub

Attack Type is

Rule Name & Severity	Author	Last Updated	Labels
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD	Sublime Security	5mo ago Nov 3rd, 2025	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
AnonymousFox indicators	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Credential Phishing Malware/Ransomware Header analysis Sender analysis
Attachment: Calendar file with invisible Unicode characters	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Malware/Ransomware Evasion File analysis Content analysis
Attachment: Credit card application with WhatsApp contact	Sublime Security	4mo ago Nov 20th, 2025	BEC/Fraud Social engineering Out of band pivot Content analysis File analysis Natural Language Understanding QR code analysis
Attachment: EML with Sharepoint link likely unrelated to sender	Sublime Security	6mo ago Sep 23rd, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Evasion File analysis URL analysis Header analysis Sender analysis
Attachment: Encrypted zip file with payment-related lure	Sublime Security	4mo ago Nov 25th, 2025	BEC/Fraud Malware/Ransomware Encryption Evasion Social engineering Archive analysis Content analysis File analysis
Attachment: Fake lawyer & sports agent identities	Sublime Security	2mo ago Jan 26th, 2026	BEC/Fraud Impersonation: VIP Social engineering Content analysis Exif analysis File analysis Optical Character Recognition
Attachment: Fictitious invoice using LinkedIn's address	Sublime Security	7mo ago Sep 3rd, 2025	BEC/Fraud PDF Social engineering File analysis Optical Character Recognition Natural Language Understanding Content analysis Exif analysis
Attachment: ICS file with meeting prefix	Sublime Security	2mo ago Jan 26th, 2026	BEC/Fraud Credential Phishing Social engineering File analysis Header analysis
Attachment: ICS with employee policy review lure	Sublime Security	18d ago Mar 16th, 2026	Credential Phishing BEC/Fraud Evasion Social engineering File analysis Content analysis
Attachment: Invoice and W-9 PDFs with suspicious creators	Sublime Security	2mo ago Jan 21st, 2026	BEC/Fraud PDF Social engineering Impersonation: Brand File analysis Optical Character Recognition Exif analysis Content analysis
Attachment: Legal themed message or PDF with suspicious indicators	Sublime Security	1mo ago Feb 5th, 2026	Credential Phishing Extortion BEC/Fraud Evasion PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition URL analysis Whois Header analysis Exif analysis
Attachment: Link to Doubleclick.net open redirect	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Credential Phishing Evasion Open redirect Social engineering Content analysis File analysis URL analysis
Attachment: PDF bid/proposal lure with credential theft indicators	Sublime Security	7d ago Mar 27th, 2026	BEC/Fraud Credential Phishing PDF Social engineering Free file host Free subdomain host File analysis Content analysis Optical Character Recognition Natural Language Understanding URL analysis Exif analysis
Attachment: PDF contains W9 or invoice YARA signatures	Sublime Security	16d ago Mar 18th, 2026	BEC/Fraud Credential Phishing PDF Social engineering File analysis YARA
Attachment: PDF file with link to fake Bitcoin exchange	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Free email provider Impersonation: Brand PDF Social engineering Exif analysis File analysis Sender analysis URL analysis
Attachment: PDF generated with wkhtmltopdf tool and default title	Sublime Security	3mo ago Dec 19th, 2025	BEC/Fraud Callback Phishing Credential Phishing Malware/Ransomware PDF Evasion File analysis Exif analysis
Attachment: RFP/RFQ impersonating government entities	Sublime Security	2y ago Jan 30th, 2024	BEC/Fraud Impersonation: Brand PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Attachment: USDA bid invitation impersonation	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Impersonation: Brand PDF Macros Social engineering Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
BEC: Employee impersonation with subject manipulation	Sublime Security	2mo ago Jan 16th, 2026	BEC/Fraud Impersonation: Employee Social engineering Content analysis Natural Language Understanding Sender analysis
BEC/Fraud: Generic scam attempt to undisclosed recipients	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Free email provider Out of band pivot Content analysis File analysis Natural Language Understanding
BEC/Fraud: Penpal scam	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Free email provider Social engineering Content analysis Header analysis Sender analysis
BEC/Fraud: Reply-chain manipulation with urgent keywords and self-reply	Sublime Security	23d ago Mar 11th, 2026	BEC/Fraud Social engineering Evasion Content analysis Header analysis Sender analysis
BEC/Fraud: Romance scam	Sublime Security	25d ago Mar 9th, 2026	BEC/Fraud Free email provider Social engineering Content analysis Header analysis
BEC/Fraud: Scam lure with freemail pivot	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Free email provider Out of band pivot Content analysis Header analysis Sender analysis
BEC/Fraud: Student loan callback phishing	Sublime Security	6mo ago Sep 5th, 2025	BEC/Fraud Free email provider Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois
BEC with unusual reply-to or return-path mismatch	Sublime Security	1mo ago Mar 3rd, 2026	BEC/Fraud Evasion Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Body: Embedded email headers indicative of thread hijacking/abuse	Sublime Security	4mo ago Dec 1st, 2025	Credential Phishing BEC/Fraud Spam Evasion Social engineering Spoofing Content analysis Header analysis Sender analysis
Body: PayApp transaction reference pattern	Sublime Security	7d ago Mar 27th, 2026	Callback Phishing BEC/Fraud Impersonation: Brand Social engineering Content analysis
Brand impersonation: AARP	Sublime Security	4mo ago Dec 1st, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Aquent	Sublime Security	5mo ago Oct 9th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Aramco	Sublime Security	2mo ago Jan 28th, 2026	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis
Brand impersonation: AuthentiSign	Sublime Security	2mo ago Jan 21st, 2026	Credential Phishing BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Enbridge	Sublime Security	1y ago Jan 24th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Interac	Sublime Security	2y ago Sep 16th, 2024	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Internal Revenue Service	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: Mailgun	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing BEC/Fraud Impersonation: Brand Sender analysis
Brand impersonation: McAfee	Sublime Security	23d ago Mar 11th, 2026	Credential Phishing BEC/Fraud Callback Phishing Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: MetaMask	Sublime Security	6mo ago Sep 22nd, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Sender analysis Header analysis
Brand impersonation: Microsoft logo or suspicious language with open redirect	Sublime Security	2y ago Mar 7th, 2024	BEC/Fraud Impersonation: Brand Open redirect Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Brand Impersonation: Procore	Sublime Security	14d ago Mar 20th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Purdue ePlanroom with suspicious links	Sublime Security	4mo ago Dec 2nd, 2025	Credential Phishing BEC/Fraud Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis
Brand impersonation: QuickBooks notification from Intuit themed company name	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis
Brand impersonation: Robert Half	Sublime Security	6mo ago Oct 1st, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: SendGrid	Sublime Security	22d ago Mar 12th, 2026	BEC/Fraud Credential Phishing Spam Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: Trust Wallet	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Natural Language Understanding Sender analysis Header analysis
Brand impersonation: UK government Home Office	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Lookalike domain Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Brand impersonation: Vanguard	Sublime Security	6mo ago Sep 22nd, 2025	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Impersonation: Brand Natural Language Understanding Header analysis Sender analysis

168 Rules

Page 1 of 4