Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Credential phishing: Onedrive impersonation	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Free subdomain host Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding URL analysis
Credential phishing: Re-Authentication lure	Sublime Security	6mo ago Oct 17th, 2025	Credential Phishing Social engineering Impersonation: Brand Natural Language Understanding Content analysis URL analysis Header analysis Sender analysis
Credential phishing: 'Secure message' and engaging language	Sublime Security	4d ago Apr 20th, 2026	Credential Phishing Social engineering Natural Language Understanding Sender analysis
Credential Phishing: Suspicious language, link, recipients and other indicators	Sublime Security	9mo ago Jul 16th, 2025	Credential Phishing Evasion Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Credential phishing: Suspicious subject with urgent financial request and link	Sublime Security	4d ago Apr 20th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Credential theft with 'safe content' deception and social engineering topics	Sublime Security	1mo ago Feb 25th, 2026	Credential Phishing Social engineering Evasion Content analysis Natural Language Understanding
Deceptive Dropbox mention	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Free file host Free subdomain host Social engineering Header analysis Content analysis Natural Language Understanding Sender analysis URL analysis
Domain impersonation: Freemail reply-to local lookalike with financial request	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
EML attachment with credential theft language (unknown sender)	Sublime Security	1mo ago Mar 17th, 2026	Credential Phishing Evasion Social engineering Natural Language Understanding Sender analysis Content analysis Header analysis
Employee impersonation with urgent request (untrusted sender)	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Impersonation: Employee Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Extortion / sextortion in attachment from untrusted sender	Sublime Security	8mo ago Aug 5th, 2025	Extortion Social engineering Spoofing Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Extortion / sextortion (untrusted sender)	Sublime Security	3mo ago Jan 22nd, 2026	Extortion Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis
Fake email quarantine notification	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Content analysis Natural Language Understanding Sender analysis
Fake message thread with a suspicious link and engaging language from an unknown sender	Sublime Security	5mo ago Nov 12th, 2025	Credential Phishing Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Fake request for tax preparation	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Malware/Ransomware Social engineering Content analysis Natural Language Understanding Sender analysis
Fake shipping notification with suspicious language	Sublime Security	2y ago May 3rd, 2024	Credential Phishing Spam Evasion Content analysis Natural Language Understanding
Fake thread with suspicious indicators	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Spam Evasion Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Fake voicemail notification (untrusted sender)	Sublime Security	3mo ago Jan 22nd, 2026	Credential Phishing Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis
Fake Zoom meeting invite with suspicious link	Sublime Security	4mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Evasion Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Fraudulent order confirmation/shipping notification from Chinese sender domain	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Social engineering Content analysis Natural Language Understanding Sender analysis Whois
Free subdomain link with credential theft indicators	Sublime Security	2y ago Dec 12th, 2024	Credential Phishing Free subdomain host Content analysis Header analysis Natural Language Understanding Optical Character Recognition URL analysis URL screenshot
Google Accelerated Mobile Pages (AMP) abuse	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Open redirect Computer Vision Content analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot
Google Drive abuse: Credential phishing link	Sublime Security	2y ago Jul 31st, 2024	Credential Phishing Free file host Impersonation: Brand Computer Vision Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot
Headers: Self-sender using Microsoft CompAuth bypass with credential theft content	Sublime Security	3d ago Apr 21st, 2026	Credential Phishing Spoofing Evasion Natural Language Understanding Header analysis Sender analysis
Headers: System account impersonation with empty sender address	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Employee Social engineering Spoofing Header analysis Sender analysis Natural Language Understanding
Honorific greeting BEC attempt with sender and reply-to mismatch	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
HR impersonation via e-sign agreement comment	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Impersonation: Human Resources with link or attachment and engaging language	Sublime Security	9mo ago Jul 16th, 2025	BEC/Fraud Credential Phishing Impersonation: Employee Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Impersonation: Internal corporate services	Sublime Security	2mo ago Jan 28th, 2026	Credential Phishing Impersonation: Employee Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Impersonation: Recipient organization in sender display name with credential theft image	Sublime Security	2mo ago Feb 17th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Impersonation: Salesforce fake campaign failure notification	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis
Impersonation: Suspected supplier impersonation with suspicious content	Sublime Security	1y ago Feb 3rd, 2025	BEC/Fraud Evasion Free email provider Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois
Issuu document with suspicious embedded link	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Free file host Evasion URL analysis URL screenshot Natural Language Understanding Optical Character Recognition
Job scam (unsolicited sender)	Sublime Security	5mo ago Nov 3rd, 2025	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Job scam with specific salary pattern	Sublime Security	3mo ago Jan 21st, 2026	BEC/Fraud Social engineering Content analysis Natural Language Understanding Header analysis Sender analysis
Link: Adobe share with suspicious indicators	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Free file host Content analysis URL screenshot Sender analysis Natural Language Understanding URL analysis
Link: Blogspot hosting explicit romance content	Sublime Security	1mo ago Mar 9th, 2026	Spam Free subdomain host Social engineering Natural Language Understanding URL analysis
Link: chatbot.page platform abuse	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Social engineering Out of band pivot URL analysis Natural Language Understanding Content analysis HTML analysis Javascript analysis URL screenshot
Link: Cloud service with credential theft language	Sublime Security	1d ago Apr 23rd, 2026	Credential Phishing Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis
Link: Credential phishing traversing Russian infrastructure	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Social engineering Content analysis Header analysis Natural Language Understanding URL analysis
Link: Credential theft with invisible Unicode character in page title from unsolicited sender	Sublime Security	2mo ago Feb 13th, 2026	Credential Phishing Evasion Social engineering Natural Language Understanding Content analysis HTML analysis URL analysis URL screenshot
Link: Cryptocurrency fraud with suspicious links	Sublime Security	4mo ago Dec 1st, 2025	BEC/Fraud Social engineering Evasion Free subdomain host Scripting Content analysis Header analysis Javascript analysis Natural Language Understanding Sender analysis URL analysis URL screenshot Whois
Link: Display text matches subject line	Sublime Security	5mo ago Nov 14th, 2025	BEC/Fraud Credential Phishing Social engineering Evasion Header analysis Content analysis Natural Language Understanding URL analysis
Link: Executable file download with suspicious message content	Sublime Security	6mo ago Oct 16th, 2025	Credential Phishing Malware/Ransomware Evasion Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis Header analysis
Link: Figma design deck with credential theft language	Sublime Security	1mo ago Mar 4th, 2026	Credential Phishing Evasion Free file host Social engineering Natural Language Understanding Computer Vision Optical Character Recognition URL analysis URL screenshot Sender analysis
Link: File sharing impersonation with suspicious language and sending patterns	Sublime Security	5mo ago Oct 31st, 2025	BEC/Fraud Credential Phishing Social engineering Free subdomain host Impersonation: Brand Natural Language Understanding URL analysis Sender analysis Header analysis Content analysis
Link: File sharing pretext with suspicious body and link	Sublime Security	6mo ago Oct 10th, 2025	Credential Phishing Social engineering Evasion Natural Language Understanding Content analysis URL analysis HTML analysis
Link: Financial account issue with suspicious indicators	Sublime Security	1mo ago Mar 24th, 2026	Credential Phishing Free file host Free subdomain host Social engineering Content analysis Natural Language Understanding URL analysis Whois
Link: Free file hosting with undisclosed recipients	Sublime Security	1mo ago Mar 19th, 2026	Credential Phishing Malware/Ransomware Free file host Free subdomain host Evasion Header analysis URL analysis Sender analysis Natural Language Understanding
Link: Google Forms link with credential theft language	Sublime Security	1mo ago Mar 2nd, 2026	Credential Phishing Social engineering Natural Language Understanding Sender analysis URL analysis

226 Rules

Page 3 of 5