Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Commonly abused sender TLD with engaging language	Sublime Security	8mo ago Aug 7th, 2025	Credential Phishing Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Compensation review with QR code in attached EML	Sublime Security	4mo ago Nov 26th, 2025	Credential Phishing QR code Social engineering Computer Vision Content analysis Optical Character Recognition QR code analysis
Credential phishing: DocuSign embedded image lure with no DocuSign domains in links	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Credential phishing: Image as content, short or no body contents	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Image as content Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition
Extortion / sextortion in attachment from untrusted sender	Sublime Security	8mo ago Aug 5th, 2025	Extortion Social engineering Spoofing Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Fake scan-to-email message	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Free file host Social engineering Content analysis Optical Character Recognition Sender analysis URL analysis
Free subdomain link with credential theft indicators	Sublime Security	2y ago Dec 12th, 2024	Credential Phishing Free subdomain host Content analysis Header analysis Natural Language Understanding Optical Character Recognition URL analysis URL screenshot
Google Accelerated Mobile Pages (AMP) abuse	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Open redirect Computer Vision Content analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot
Google Drive abuse: Credential phishing link	Sublime Security	2y ago Jul 31st, 2024	Credential Phishing Free file host Impersonation: Brand Computer Vision Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot
Impersonation: Recipient organization in sender display name with credential theft image	Sublime Security	2mo ago Feb 17th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Issuu document with suspicious embedded link	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Free file host Evasion URL analysis URL screenshot Natural Language Understanding Optical Character Recognition
Link: Figma design deck with credential theft language	Sublime Security	1mo ago Mar 4th, 2026	Credential Phishing Evasion Free file host Social engineering Natural Language Understanding Computer Vision Optical Character Recognition URL analysis URL screenshot Sender analysis
Link: Microsoft Dynamics 365 form phishing	Sublime Security	2mo ago Jan 27th, 2026	Credential Phishing Evasion Content analysis File analysis Optical Character Recognition Natural Language Understanding URL analysis URL screenshot
Link: Multistage landing - Abused Adobe Acrobat hosted PDF	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Optical Character Recognition URL analysis Header analysis Sender analysis
Link: Multistage landing - Ludus presentation	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Evasion Social engineering Impersonation: Brand Header analysis URL analysis Computer Vision URL screenshot Natural Language Understanding Optical Character Recognition Sender analysis
Link: Multistage landing - Scribd document	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Social engineering Impersonation: Brand Free file host URL analysis HTML analysis Natural Language Understanding Computer Vision Optical Character Recognition URL screenshot
Link: QuickBooks image lure with suspicious link	Sublime Security	9mo ago Jul 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Optical Character Recognition URL analysis
Link to auto-downloaded file with Adobe branding	Sublime Security	9mo ago Jul 16th, 2025	Malware/Ransomware Impersonation: Brand Social engineering File analysis Optical Character Recognition Sender analysis URL analysis URL screenshot
Link to auto-downloaded file with Google Drive branding	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Impersonation: Brand Social engineering Content analysis File analysis Optical Character Recognition URL analysis URL screenshot
Open Redirect: Google domain with /url path and suspicious indicators	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Open redirect Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Spam: Mastercard promotional content with image-based body	Sublime Security	5mo ago Nov 5th, 2025	Credential Phishing Spam Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Suspicious attachment: Duplicate decoy PDF files	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Evasion PDF File analysis Optical Character Recognition
Suspicious recipient pattern and language with low reputation link to login	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot
X (Twitter) impersonation with credential phishing motives	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Optical Character Recognition Natural Language Understanding Sender analysis

74 Rules

Page 2 of 2