Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 3rd, 2026

Feed Source

GitHub

Attack Type is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Calendar invite from recently registered domain	Sublime Security	6mo ago Sep 25th, 2025	Callback Phishing Evasion Social engineering File analysis Whois
Attachment: Callback phishing solicitation via image file	@vector_sec	2mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision
Attachment: Callback phishing solicitation via pdf file	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Attachment: Callback phishing solicitation via text-based file	Sublime Security	6mo ago Sep 22nd, 2025	Callback Phishing Evasion Out of band pivot Social engineering Content analysis File analysis Header analysis Sender analysis
Attachment: PDF generated with wkhtmltopdf tool and default title	Sublime Security	3mo ago Dec 19th, 2025	BEC/Fraud Callback Phishing Credential Phishing Malware/Ransomware PDF Evasion File analysis Exif analysis
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois
Body: PayApp transaction reference pattern	Sublime Security	8d ago Mar 27th, 2026	Callback Phishing BEC/Fraud Impersonation: Brand Social engineering Content analysis
Brand impersonation: AliExpress	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis URL analysis
Brand impersonation: GitHub with callback scam indicators	Sublime Security	24d ago Mar 11th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Brand impersonation: McAfee	Sublime Security	24d ago Mar 11th, 2026	Credential Phishing BEC/Fraud Callback Phishing Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Quickbooks	Sublime Security	2mo ago Jan 15th, 2026	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: QuickBooks notification from Intuit themed company name	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis
Brand impersonation: SiriusXM	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Vanguard	Sublime Security	6mo ago Sep 22nd, 2025	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Impersonation: Brand Natural Language Understanding Header analysis Sender analysis
Brand impersonation: WeTransfer	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Impersonation: Brand Content analysis Header analysis Sender analysis
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis
Callback phishing: Branded invoice from sender/reply-to domain less than 30 days old	Sublime Security	5mo ago Oct 17th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Header analysis Natural Language Understanding Optical Character Recognition Whois
Callback phishing in body or attachment (untrusted sender)	Sublime Security	8d ago Mar 27th, 2026	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis
Callback phishing: Social Security Administration fraud	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Callback phishing solicitation in message body	Sublime Security	5mo ago Oct 17th, 2025	Callback Phishing Free email provider Impersonation: Brand Out of band pivot Social engineering File analysis Sender analysis
Callback phishing: SumUp infrastructure abuse	Sublime Security	7mo ago Sep 5th, 2025	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis
Callback phishing via Adobe Sign comment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis
Callback phishing via calendar invite	Sublime Security	2mo ago Jan 22nd, 2026	Callback Phishing Social engineering Evasion File analysis Header analysis Natural Language Understanding Sender analysis
Callback phishing via DocuSign comment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis
Callback phishing via e-signature service	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Free email provider Impersonation: Brand Social engineering Content analysis Computer Vision Header analysis Optical Character Recognition
Callback phishing via extensionless rfc822 attachment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Impersonation: Brand Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Callback phishing via Google Group abuse	Sublime Security	8mo ago Jul 16th, 2025	Callback Phishing Free email provider Impersonation: Brand Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Callback phishing via Google Meet	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Out of band pivot Content analysis
Callback phishing via Intuit service abuse	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Optical Character Recognition
Callback phishing via Microsoft comment	Sublime Security	9d ago Mar 26th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Callback Phishing via Signable E-Signature Request	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via SignFree e-signature request	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via Xodo Sign comment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via Yammer comment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Header analysis
Callback phishing via Zelle Service Abuse	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis
Callback phishing via Zoho service abuse	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Optical Character Recognition
Callback Phishing via Zoom comment	Sublime Security	1mo ago Feb 11th, 2026	Callback Phishing Out of band pivot Social engineering Impersonation: Brand Computer Vision Content analysis Header analysis Sender analysis
Callback scam: Impersonation via TimeTrade infrastructure	Sublime Security	7mo ago Aug 20th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Sender analysis Header analysis
Canva infrastructure abuse	Sublime Security	1mo ago Feb 6th, 2026	BEC/Fraud Callback Phishing Social engineering Impersonation: Brand Impersonation: Employee Free email provider Natural Language Understanding Sender analysis Content analysis
Display Name Emoji with Financial Symbols	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing Social engineering Evasion Content analysis Header analysis Sender analysis
Encrypted Microsoft Office files from untrusted sender	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Encryption Evasion File analysis YARA Sender analysis
Generic service abuse from newly registered domain	Sublime Security	8mo ago Aug 5th, 2025	BEC/Fraud Callback Phishing Credential Phishing Evasion Social engineering Header analysis Sender analysis Whois
Inbound message from popular service via newly observed distribution list	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Evasion Social engineering Header analysis Sender analysis
Link: Direct POWR.io Form Builder with suspicious patterns	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Callback Phishing Social engineering File analysis URL analysis Content analysis
Link: /index.php enclosed in three asterisks	Sublime Security	2mo ago Jan 12th, 2026	Malware/Ransomware Callback Phishing Social engineering Content analysis URL analysis
Link: Invoice or receipt from freemail sender with customer service number	@vector_sec	2mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing Free email provider Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis
Link: Jensi file preview link from unsolicited sender	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Free file host Free subdomain host Content analysis URL analysis Sender analysis
Link: Webflow link from unsolicited sender	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Free file host Free subdomain host Content analysis URL analysis Sender analysis
Link: Zoho form link from unsolicited sender	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Free file host Content analysis URL analysis Sender analysis
Message traversed multiple onmicrosoft.com tenants	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Free subdomain host Sender analysis Header analysis

83 Rules

Page 1 of 2