Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jan 23rd, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Brand impersonation: DocuSign with embedded QR code	Sublime Security	3mo ago Oct 17th, 2025	Credential Phishing Evasion Image as content Impersonation: Brand QR code Computer Vision Content analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463
Brand impersonation: Dropbox	Sublime Security	1d ago Jan 22nd, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12
Brand impersonation: Enbridge	Sublime Security	12mo ago Jan 24th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-enbridge-203a6a28
Brand impersonation: Evite	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-evite-9e867a2b
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains	Sublime Security	1mo ago Dec 10th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-fake-docusign-html-table-not-linking-to-docusign-domains-28923dde
Brand impersonation: Fake Fax	Sublime Security	2d ago Jan 21st, 2026	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a
Brand impersonation: File sharing notification with template artifacts	Sublime Security	3h ago Jan 23rd, 2026	Credential Phishing Impersonation: Brand Social engineering Evasion HTML analysis Computer Vision Content analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-file-sharing-notification-with-template-artifacts-37d89611
Brand Impersonation: Gemini Trust Company	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-gemini-trust-company-99574c94
Brand impersonation: Google Careers	Sublime Security	2mo ago Nov 12th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-google-careers-cf2d97ad
Brand impersonation: Google Drive fake file share	Sublime Security	1mo ago Dec 19th, 2025	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision	/feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941
Brand impersonation: Google using Microsoft Forms	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-google-using-microsoft-forms-1daac608
Brand impersonation: Google Workspace alert notification	Sublime Security	1mo ago Dec 2nd, 2025	Credential Phishing Impersonation: Brand Social engineering Lookalike domain Header analysis Content analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-google-workspace-alert-notification-143ffbc4
Brand impersonation: Greenvelope	Sublime Security	1mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-greenvelope-9cbbf9b8
Brand impersonation: Gusto	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-gusto-54025c1c
Brand impersonation: Interac	Sublime Security	2y ago Sep 16th, 2024	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-interac-50a883dc
Brand impersonation: Internal Revenue Service	Sublime Security	11d ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-internal-revenue-service-3c63f8e9
Brand impersonation: Mailchimp	Sublime Security	4mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-mailchimp-48b454c7
Brand impersonation: Microsoft	@amitchell516	3mo ago Oct 9th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-6e2f04e6
Brand impersonation: Microsoft fake sign-in alert	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a
Brand impersonation: Microsoft logo in HTML with fake quarantine release notification	Sublime Security	1mo ago Dec 10th, 2025	Credential Phishing Evasion Impersonation: Brand Social engineering Content analysis HTML analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-logo-in-html-with-fake-quarantine-release-notification-f12c615c
Brand impersonation: Microsoft logo or suspicious language with open redirect	Sublime Security	2y ago Mar 7th, 2024	BEC/Fraud Impersonation: Brand Open redirect Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8
Brand impersonation: Microsoft Planner with suspicious link	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Evasion Image as content Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08
Brand impersonation: Microsoft quarantine release notification in body	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-body-6d19527c
Brand impersonation: Microsoft quarantine release notification in image attachment	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Free file host Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3
Brand impersonation: Microsoft Teams	Sublime Security	2y ago Dec 3rd, 2024	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-teams-9cd53055
Brand impersonation: Microsoft Teams invitation	Sublime Security	1mo ago Dec 15th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-teams-invitation-46410ad8
Brand impersonation: Microsoft with low reputation links	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Brand impersonation: Navan	Sublime Security	4mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Spoofing Sender analysis Natural Language Understanding URL analysis Content analysis	/feeds/core/detection-rules/brand-impersonation-navan-3573e9a8
Brand impersonation: Norton	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Free email provider Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-norton-32bd9efd
Brand impersonation: Okta	Sublime Security	4mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-okta-b7a2989a
Brand impersonation: Paperless Post	Sublime Security	2mo ago Nov 6th, 2025	Credential Phishing Malware/Ransomware Impersonation: Brand Content analysis Header analysis HTML analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-paperless-post-e9ec5e09
Brand Impersonation: PayPal	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee
Brand impersonation: PNC	Sublime Security	3mo ago Oct 9th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-pnc-1b5ae4fb
Brand Impersonation: Procore	Sublime Security	4mo ago Sep 3rd, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-procore-74baa1e5
Brand impersonation: Proofpoint secure messaging without legitimate indicators	Sublime Security	2mo ago Nov 17th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-proofpoint-secure-messaging-without-legitimate-indicators-84b72d02
Brand impersonation: Punchbowl	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-punchbowl-58937ba0
Brand impersonation: Purdue ePlanroom with suspicious links	Sublime Security	1mo ago Dec 2nd, 2025	Credential Phishing BEC/Fraud Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-purdue-eplanroom-with-suspicious-links-4db5b0b6
Brand impersonation: Quickbooks	Sublime Security	8d ago Jan 15th, 2026	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1
Brand impersonation: QuickBooks notification from Intuit themed company name	Sublime Security	11d ago Jan 12th, 2026	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-quickbooks-notification-from-intuit-themed-company-name-42058fc4
Brand impersonation: Robert Half	Sublime Security	3mo ago Oct 1st, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-robert-half-74f8826c
Brand impersonation: SendGrid	Sublime Security	11d ago Jan 12th, 2026	BEC/Fraud Credential Phishing Spam Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Brand Impersonation: ShareFile	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Evasion Lookalike domain Header analysis Content analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-sharefile-f8330307
Brand impersonation: Sharepoint	Sublime Security	13d ago Jan 10th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70
Brand impersonation: Sharepoint fake file share	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision	/feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b
Brand Impersonation: Shein	Sublime Security	3mo ago Oct 15th, 2025	Credential Phishing Spam Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-shein-b5843f22
Brand impersonation: SiriusXM	Sublime Security	5mo ago Aug 5th, 2025	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-siriusxm-70eb3792
Brand impersonation: Square	Sublime Security	3mo ago Oct 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-square-63f9b449
Brand impersonation: Stripe notification	Sublime Security	3mo ago Sep 26th, 2025	Credential Phishing Evasion Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Whois	/feeds/core/detection-rules/brand-impersonation-stripe-notification-3ffd2b03
Brand impersonation: Survey request with credential theft indicators	Sublime Security	2mo ago Nov 8th, 2025	Credential Phishing Social engineering Impersonation: Brand Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-survey-request-with-credential-theft-indicators-ea1c0e09
Brand impersonation: TikTok	Sublime Security	2mo ago Oct 30th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7

437 Rules

Page 3 of 9