Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jan 23rd, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Brand impersonation: Box file sharing service	Sublime Security	4mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-box-file-sharing-service-03da310c
Brand impersonation: Capital One	Sublime Security	2mo ago Nov 17th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-capital-one-d53848e4
Brand impersonation: Charles Schwab	Sublime Security	4mo ago Sep 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-charles-schwab-7abde595
Brand impersonation: Chase Bank	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7
Brand impersonation: Coinbase	Sublime Security	2mo ago Nov 4th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-coinbase-3dca757a
Brand impersonation: Dashlane	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dashlane-9e400937
Brand impersonation: DHL	Sublime Security	1mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0
Brand impersonation: DigitalOcean	Sublime Security	4mo ago Sep 18th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-digitalocean-7f2f0e97
Brand Impersonation: Disney	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-disney-bf90b8fb
Brand impersonation: DocSend	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docsend-cd9a3f7a
Brand impersonation: DocuSign	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-docusign-4d29235c
Brand impersonation: DocuSign branded attachment lure with no DocuSign links	Sublime Security	3mo ago Oct 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL screenshot	/feeds/core/detection-rules/brand-impersonation-docusign-branded-attachment-lure-with-no-docusign-links-814a5694
Brand impersonation: DocuSign (QR code)	Sublime Security	3mo ago Oct 15th, 2025	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a
Brand impersonation: DoorDash	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-doordash-b0aaaed5
Brand impersonation: Dotloop	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dotloop-f997581a
Brand impersonation: Dropbox	Sublime Security	1d ago Jan 22nd, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12
Brand impersonation: Enbridge	Sublime Security	12mo ago Jan 24th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-enbridge-203a6a28
Brand impersonation: Exodus	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-exodus-40c77ecc
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains	Sublime Security	1mo ago Dec 10th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-fake-docusign-html-table-not-linking-to-docusign-domains-28923dde
Brand impersonation: FedEx	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-fedex-94a2b602
Brand impersonation: File sharing notification with template artifacts	Sublime Security	4h ago Jan 23rd, 2026	Credential Phishing Impersonation: Brand Social engineering Evasion HTML analysis Computer Vision Content analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-file-sharing-notification-with-template-artifacts-37d89611
Brand impersonation: FINRA	Sublime Security	3mo ago Oct 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-finra-15c81db4
Brand Impersonation: Gemini Trust Company	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-gemini-trust-company-99574c94
Brand impersonation: Github	Sublime Security	2mo ago Nov 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-github-9402f92b
Brand impersonation: GoDaddy	Sublime Security	4mo ago Sep 17th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-godaddy-4130d555
Brand impersonation: Google Careers	Sublime Security	2mo ago Nov 12th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-google-careers-cf2d97ad
Brand impersonation: Google Drive fake file share	Sublime Security	1mo ago Dec 19th, 2025	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision	/feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941
Brand Impersonation: Google (QR Code)	Sublime Security	3mo ago Oct 17th, 2025	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-google-qr-code-7ffd184c
Brand impersonation: Google using Microsoft Forms	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-google-using-microsoft-forms-1daac608
Brand impersonation: Google Workspace alert notification	Sublime Security	1mo ago Dec 2nd, 2025	Credential Phishing Impersonation: Brand Social engineering Lookalike domain Header analysis Content analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-google-workspace-alert-notification-143ffbc4
Brand impersonation: Gusto	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-gusto-54025c1c
Brand impersonation: Hulu	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-hulu-6833de58
Brand impersonation: Interac	Sublime Security	2y ago Sep 16th, 2024	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-interac-50a883dc
Brand impersonation: KnowBe4	Sublime Security	2y ago Nov 25th, 2024	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-knowbe4-7c798386
Brand impersonation: Ledger	Sublime Security	1y ago Jan 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-ledger-5f934755
Brand impersonation: LinkedIn	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-linkedin-1a0cde6d
Brand impersonation: Mailchimp	Sublime Security	4mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-mailchimp-48b454c7
Brand impersonation: Meta and subsidiaries	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-meta-and-subsidiaries-e38f1e3b
Brand impersonation: MetaMask	Sublime Security	4mo ago Sep 22nd, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-metamask-ddb4c618
Brand impersonation: Microsoft fake sign-in alert	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a
Brand impersonation: Microsoft logo or suspicious language with open redirect	Sublime Security	2y ago Mar 7th, 2024	BEC/Fraud Impersonation: Brand Open redirect Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8
Brand impersonation: Microsoft Planner with suspicious link	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Evasion Image as content Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08
Brand impersonation: Microsoft (QR code)	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a
Brand impersonation: Microsoft quarantine release notification in image attachment	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Free file host Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3
Brand impersonation: Microsoft Teams invitation	Sublime Security	1mo ago Dec 15th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-teams-invitation-46410ad8
Brand impersonation: Microsoft with low reputation links	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Brand impersonation: Netflix	min0k	11d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-netflix-9f39eea5
Brand impersonation: Norton	Sublime Security	11d ago Jan 12th, 2026	Credential Phishing Free email provider Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-norton-32bd9efd
Brand impersonation: Okta	Sublime Security	4mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-okta-b7a2989a
Brand impersonation: Outlook	Sublime Security	2y ago May 29th, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-outlook-1fe5bf7b

336 Rules

Page 2 of 7