Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jan 23rd, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Adobe image lure in body or attachment with suspicious link	Sublime Security	18d ago Jan 5th, 2026	Credential Phishing Image as content Impersonation: Brand Content analysis Computer Vision Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Attachment: Callback phishing solicitation via image file	@vector_sec	11d ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: DocuSign impersonation via PDF linking to new domain	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF Social engineering Header analysis Sender analysis URL analysis File analysis Computer Vision Whois	/feeds/core/detection-rules/attachment-docusign-impersonation-via-pdf-linking-to-new-domain-f0c96282
Attachment: EML with link to credential phishing page	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Evasion Free file host Free subdomain host Social engineering Computer Vision Content analysis File analysis Header analysis HTML analysis Natural Language Understanding Optical Character Recognition URL analysis URL screenshot	/feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca
Attachment: Fake Slack installer	Sublime Security	3y ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake voicemail via PDF	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing PDF QR code Social engineering Computer Vision Content analysis File analysis Optical Character Recognition QR code analysis URL analysis	/feeds/core/detection-rules/attachment-fake-voicemail-via-pdf-d3587209
Attachment: Fake Zoom installer	Sublime Security	3y ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: HTML smuggling - QR Code with suspicious links	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing QR code Computer Vision Header analysis Natural Language Understanding QR code analysis Sender analysis URL analysis URL screenshot	/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: Microsoft impersonation via PDF with link and suspicious language	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Malware/Ransomware Image as content Impersonation: Brand PDF Scripting Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: QR code link with base64-encoded recipient address	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing QR code Image as content Social engineering Evasion PDF Macros Computer Vision File analysis Natural Language Understanding QR code analysis Sender analysis	/feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a
Attachment: QR code with credential phishing indicators	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing QR code Social engineering Computer Vision Header analysis Natural Language Understanding QR code analysis Sender analysis URL analysis URL screenshot	/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Attachment: QR code with recipient targeting and special characters	Sublime Security	2d ago Jan 21st, 2026	Credential Phishing QR code Social engineering Evasion File analysis QR code analysis URL analysis Computer Vision	/feeds/core/detection-rules/attachment-qr-code-with-recipient-targeting-and-special-characters-fc9e1c09
Brand impersonation: Adobe (QR code)	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d
Brand impersonation: Adobe with suspicious language and link	Sublime Security	2mo ago Nov 24th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1
Brand impersonation: Amazon with suspicious attachment	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Brand impersonation: Box file sharing service	Sublime Security	4mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-box-file-sharing-service-03da310c
Brand impersonation: Capital One	Sublime Security	2mo ago Nov 17th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-capital-one-d53848e4
Brand impersonation: Chase bank with credential phishing indicators	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856
Brand impersonation: Coinbase with suspicious links	Sublime Security	4mo ago Sep 22nd, 2025	Credential Phishing Evasion Free subdomain host Image as content Impersonation: Brand Computer Vision Content analysis File analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e
Brand impersonation: Discord notification	Sublime Security	3mo ago Oct 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis	/feeds/core/detection-rules/brand-impersonation-discord-notification-97007826
Brand Impersonation: Disney	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-disney-bf90b8fb
Brand impersonation: DocuSign branded attachment lure with no DocuSign links	Sublime Security	3mo ago Oct 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL screenshot	/feeds/core/detection-rules/brand-impersonation-docusign-branded-attachment-lure-with-no-docusign-links-814a5694
Brand impersonation: DocuSign (QR code)	Sublime Security	3mo ago Oct 15th, 2025	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a
Brand impersonation: DocuSign with embedded QR code	Sublime Security	3mo ago Oct 17th, 2025	Credential Phishing Evasion Image as content Impersonation: Brand QR code Computer Vision Content analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463
Brand impersonation: Fake Fax	Sublime Security	2d ago Jan 21st, 2026	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a
Brand impersonation: File sharing notification with template artifacts	Sublime Security	3h ago Jan 23rd, 2026	Credential Phishing Impersonation: Brand Social engineering Evasion HTML analysis Computer Vision Content analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-file-sharing-notification-with-template-artifacts-37d89611
Brand impersonation: Google Drive fake file share	Sublime Security	1mo ago Dec 19th, 2025	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision	/feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941
Brand impersonation: Google fake sign-in warning	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-google-fake-sign-in-warning-2d998eee
Brand Impersonation: Google (QR Code)	Sublime Security	3mo ago Oct 17th, 2025	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-google-qr-code-7ffd184c
Brand impersonation: Gusto	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-gusto-54025c1c
Brand impersonation: Hulu	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-hulu-6833de58
Brand impersonation: KnowBe4	Sublime Security	2y ago Nov 25th, 2024	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-knowbe4-7c798386
Brand impersonation: Mailchimp	Sublime Security	4mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-mailchimp-48b454c7
Brand impersonation: MetaMask	Sublime Security	4mo ago Sep 22nd, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-metamask-ddb4c618
Brand impersonation: Microsoft fake sign-in alert	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a
Brand impersonation: Microsoft logo or suspicious language with open redirect	Sublime Security	2y ago Mar 7th, 2024	BEC/Fraud Impersonation: Brand Open redirect Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8
Brand impersonation: Microsoft (QR code)	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a
Brand impersonation: Microsoft quarantine release notification in body	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-body-6d19527c
Brand impersonation: Microsoft quarantine release notification in image attachment	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Free file host Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3
Brand impersonation: Microsoft with embedded logo and credential theft language	Sublime Security	3mo ago Oct 17th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-with-embedded-logo-and-credential-theft-language-3ee9ef3d
Brand impersonation: Microsoft with low reputation links	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Brand impersonation: Okta	Sublime Security	4mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-okta-b7a2989a
Brand Impersonation: PayPal	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee
Brand impersonation: PNC	Sublime Security	3mo ago Oct 9th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-pnc-1b5ae4fb
Brand impersonation: Quickbooks	Sublime Security	8d ago Jan 15th, 2026	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1
Brand impersonation: Robert Half	Sublime Security	3mo ago Oct 1st, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-robert-half-74f8826c
Brand impersonation: Sharepoint	Sublime Security	13d ago Jan 10th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70
Brand impersonation: Sharepoint fake file share	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision	/feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b
Brand impersonation: SharePoint PDF attachment with credential theft language	Sublime Security	2mo ago Nov 7th, 2025	Credential Phishing Impersonation: Brand Social engineering PDF Evasion Computer Vision File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis Header analysis Whois	/feeds/core/detection-rules/brand-impersonation-sharepoint-pdf-attachment-with-credential-theft-language-ae3756fa
Brand Impersonation: Shein	Sublime Security	3mo ago Oct 15th, 2025	Credential Phishing Spam Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-shein-b5843f22

96 Rules

Page 1 of 2