Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns	Sublime Security	7d ago Apr 17th, 2026	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois
BEC with unusual reply-to or return-path mismatch	Sublime Security	1mo ago Mar 3rd, 2026	BEC/Fraud Evasion Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Benefits enrollment impersonation	Sublime Security	21d ago Apr 3rd, 2026	Credential Phishing Evasion Impersonation: Employee Out of band pivot Social engineering Content analysis Header analysis Sender analysis
Body: Embedded email headers indicative of thread hijacking/abuse	Sublime Security	4mo ago Dec 1st, 2025	Credential Phishing BEC/Fraud Spam Evasion Social engineering Spoofing Content analysis Header analysis Sender analysis
Body HTML: Comment with 24-character hex token	Sublime Security	1mo ago Mar 17th, 2026	Spam Evasion Content analysis HTML analysis
Body: PayApp transaction reference pattern	Sublime Security	17d ago Apr 7th, 2026	Callback Phishing BEC/Fraud Impersonation: Brand Social engineering Content analysis
Body: Suspicious date format	Sublime Security	2d ago Apr 22nd, 2026	Credential Phishing Evasion Spoofing Social engineering Content analysis
Brand impersonation: AARP	Sublime Security	4mo ago Dec 1st, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Adobe Sign with suspicious indicators	Sublime Security	3mo ago Jan 8th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis Sender analysis
Brand impersonation: Adobe with suspicious language and link	Sublime Security	5mo ago Nov 24th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: AliExpress	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis URL analysis
Brand impersonation: Amazon Web Services (AWS)	Sublime Security	6mo ago Oct 10th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Optical Character Recognition Sender analysis Natural Language Understanding
Brand impersonation: Aquent	Sublime Security	6mo ago Oct 9th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Aramco	Sublime Security	2mo ago Jan 28th, 2026	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis
Brand impersonation: AuthentiSign	Sublime Security	3mo ago Jan 21st, 2026	Credential Phishing BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Automobile assistance associations	Sublime Security	39m ago Apr 24th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Header analysis Sender analysis
Brand impersonation: Binance	Sublime Security	7mo ago Sep 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis
Brand impersonation: Box file sharing service	Sublime Security	7mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: Coinbase with suspicious links	Sublime Security	7mo ago Sep 22nd, 2025	Credential Phishing Evasion Free subdomain host Image as content Impersonation: Brand Computer Vision Content analysis File analysis URL analysis
Brand impersonation: Discord notification	Sublime Security	6mo ago Oct 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis
Brand Impersonation: Disney	Sublime Security	1mo ago Mar 4th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis
Brand impersonation: DocuSign branded attachment lure with no DocuSign links	Sublime Security	6mo ago Oct 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL screenshot
Brand impersonation: DocuSign with embedded QR code	Sublime Security	6mo ago Oct 17th, 2025	Credential Phishing Evasion Image as content Impersonation: Brand QR code Computer Vision Content analysis QR code analysis Sender analysis
Brand impersonation: Dropbox	Sublime Security	2mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis
Brand impersonation: Enbridge	Sublime Security	1y ago Jan 24th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Evite	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains	Sublime Security	4mo ago Dec 10th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis Header analysis Sender analysis URL analysis
Brand impersonation: Fake Fax	Sublime Security	2mo ago Feb 5th, 2026	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis
Brand impersonation: File sharing notification with template artifacts	Sublime Security	3mo ago Jan 23rd, 2026	Credential Phishing Impersonation: Brand Social engineering Evasion HTML analysis Computer Vision Content analysis Header analysis
Brand Impersonation: Gemini Trust Company	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis Sender analysis Header analysis
Brand impersonation: GitHub with callback scam indicators	Sublime Security	1mo ago Mar 11th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Brand impersonation: Google Careers	Sublime Security	5mo ago Nov 12th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis URL analysis
Brand impersonation: Google Drive fake file share	Sublime Security	4mo ago Dec 19th, 2025	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision
Brand impersonation: Google Meet with malicious link	Sublime Security	2mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis
Brand impersonation: Google using Microsoft Forms	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Google Workspace alert notification	Sublime Security	4mo ago Dec 2nd, 2025	Credential Phishing Impersonation: Brand Social engineering Lookalike domain Header analysis Content analysis Sender analysis URL analysis
Brand impersonation: Greenvelope	Sublime Security	4mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Gusto	Sublime Security	2mo ago Feb 18th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: Interac	Sublime Security	2y ago Sep 16th, 2024	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Internal Revenue Service	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: LastPass	Sublime Security	1mo ago Mar 5th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis Header analysis
Brand impersonation: Mailchimp	Sublime Security	25d ago Mar 30th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis
Brand impersonation: Marriott with gift language	Sublime Security	2mo ago Feb 2nd, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: McAfee	Sublime Security	15d ago Apr 9th, 2026	Credential Phishing BEC/Fraud Callback Phishing Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Microsoft	@amitchell516	2mo ago Feb 3rd, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Microsoft fake sign-in alert	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis Whois
Brand impersonation: Microsoft logo in HTML with fake quarantine release notification	Sublime Security	4mo ago Dec 10th, 2025	Credential Phishing Evasion Impersonation: Brand Social engineering Content analysis HTML analysis Sender analysis
Brand impersonation: Microsoft logo or suspicious language with open redirect	Sublime Security	2y ago Mar 7th, 2024	BEC/Fraud Impersonation: Brand Open redirect Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Brand impersonation: Microsoft Planner with suspicious link	Sublime Security	2mo ago Feb 6th, 2026	Credential Phishing Evasion Image as content Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Brand impersonation: Microsoft quarantine release notification in body	Sublime Security	9mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Sender analysis

522 Rules

Page 3 of 11