Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Brand impersonation: Square	Sublime Security	6mo ago Oct 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: TikTok	Sublime Security	2mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: Toronto-Dominion Bank	Sublime Security	21d ago Apr 3rd, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: UPS	Sublime Security	7mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis
Brand impersonation: USPS	Sublime Security	11d ago Apr 13th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Natural Language Understanding Sender analysis
Brand impersonation: Zoom	Sublime Security	7mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Evasion Computer Vision Content analysis HTML analysis Natural Language Understanding URL analysis
Callback phishing via Adobe Sign comment	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis
Callback phishing via DocuSign comment	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis
Callback phishing via e-signature service	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Free email provider Impersonation: Brand Social engineering Content analysis Computer Vision Header analysis Optical Character Recognition
Callback phishing via Intuit service abuse	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Optical Character Recognition
Callback Phishing via Signable E-Signature Request	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via SignFree e-signature request	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via Xodo Sign comment	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via Zoho service abuse	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Optical Character Recognition
Callback Phishing via Zoom comment	Sublime Security	2mo ago Feb 11th, 2026	Callback Phishing Out of band pivot Social engineering Impersonation: Brand Computer Vision Content analysis Header analysis Sender analysis
Cloud storage impersonation with credential theft indicators	Sublime Security	1d ago Apr 23rd, 2026	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Compensation review with QR code in attached EML	Sublime Security	4mo ago Nov 26th, 2025	Credential Phishing QR code Social engineering Computer Vision Content analysis Optical Character Recognition QR code analysis
Credential phishing content and link (untrusted sender)	Sublime Security	4mo ago Dec 17th, 2025	Credential Phishing Social engineering Computer Vision Sender analysis URL analysis URL screenshot
Credential phishing: DocuSign embedded image lure with no DocuSign domains in links	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Credential phishing: Image as content, short or no body contents	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Image as content Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition
Credential phishing link (unknown sender)	Sublime Security	9mo ago Jul 16th, 2025	Credential Phishing Social engineering Computer Vision Sender analysis URL analysis URL screenshot
Credential Phishing via Dropbox comment abuse	Sublime Security	7mo ago Sep 22nd, 2025	Credential Phishing Evasion Out of band pivot Social engineering Content analysis Computer Vision Sender analysis
Extortion / sextortion in attachment from untrusted sender	Sublime Security	8mo ago Aug 5th, 2025	Extortion Social engineering Spoofing Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Free subdomain link with login or captcha (untrusted sender)	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Free subdomain host Social engineering Computer Vision File analysis Sender analysis URL screenshot
Google Accelerated Mobile Pages (AMP) abuse	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Open redirect Computer Vision Content analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot
Google Drive abuse: Credential phishing link	Sublime Security	2y ago Jul 31st, 2024	Credential Phishing Free file host Impersonation: Brand Computer Vision Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot
Impersonation: Recipient organization in sender display name with credential theft image	Sublime Security	2mo ago Feb 17th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Link: Credential phishing link with undisclosed recipients	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Evasion Computer Vision Header analysis URL screenshot
Link: Credential phishing via WordPress	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Social engineering Free subdomain host URL analysis Header analysis Computer Vision
Link: Figma design deck with credential theft language	Sublime Security	1mo ago Mar 4th, 2026	Credential Phishing Evasion Free file host Social engineering Natural Language Understanding Computer Vision Optical Character Recognition URL analysis URL screenshot Sender analysis
Link: HR impersonation with suspicious domain indicators and credential theft	Sublime Security	4mo ago Dec 3rd, 2025	Credential Phishing Impersonation: Employee Social engineering Lookalike domain Content analysis Natural Language Understanding Computer Vision URL analysis URL screenshot
Link: Multistage landing - Abused Adobe Acrobat hosted PDF	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Optical Character Recognition URL analysis Header analysis Sender analysis
Link: Multistage landing - Abused Adobe frame.io	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Evasion Free file host Content analysis Whois Computer Vision URL analysis HTML analysis
Link: Multistage landing - Ludus presentation	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Evasion Social engineering Impersonation: Brand Header analysis URL analysis Computer Vision URL screenshot Natural Language Understanding Optical Character Recognition Sender analysis
Link: Multistage landing - Scribd document	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Social engineering Impersonation: Brand Free file host URL analysis HTML analysis Natural Language Understanding Computer Vision Optical Character Recognition URL screenshot
Link: QR code in EML attachment with credential phishing indicators	Sublime Security	4mo ago Dec 2nd, 2025	Credential Phishing Evasion Open redirect QR code Computer Vision Content analysis File analysis QR code analysis
Link: QR code with phishing disposition in img or pdf	Sublime Security	8mo ago Jul 30th, 2025	Credential Phishing QR code Social engineering Content analysis Computer Vision QR code analysis Sender analysis URL analysis
Link: QR Code with suspicious language (untrusted sender)	Sublime Security	8mo ago Jul 30th, 2025	Credential Phishing Impersonation: Brand QR code Social engineering Content analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis
Link: QuickBooks image lure with suspicious link	Sublime Security	9mo ago Jul 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Optical Character Recognition URL analysis
Open Redirect: Google domain with /url path and suspicious indicators	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Open redirect Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
QR Code with suspicious indicators	Sublime Security	2d ago Apr 22nd, 2026	Credential Phishing QR code Social engineering Content analysis Header analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis
Service abuse: Formester with suspicious link behavior	Sublime Security	4mo ago Dec 19th, 2025	Credential Phishing BEC/Fraud Open redirect Social engineering Free file host Computer Vision Content analysis URL analysis URL screenshot
Spam: Mastercard promotional content with image-based body	Sublime Security	5mo ago Nov 5th, 2025	Credential Phishing Spam Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Suspicious invoice reference with missing or image-only attachments	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Content analysis Computer Vision File analysis Natural Language Understanding Sender analysis
Suspicious recipient pattern and language with low reputation link to login	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot
Suspicious recipients pattern with no Compauth pass and suspicious content	Sublime Security	3mo ago Jan 12th, 2026	Content analysis Computer Vision Header analysis Natural Language Understanding URL analysis URL screenshot
X (Twitter) impersonation with credential phishing motives	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Optical Character Recognition Natural Language Understanding Sender analysis

97 Rules

Page 2 of 2