Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Hardbacon infrastructure abuse	Sublime Security	2y ago Dec 20th, 2024	Credential Phishing Evasion Impersonation: Brand Social engineering Header analysis Sender analysis
Headers: Fake in-reply-to with wildcard sender and missing thread context	Sublime Security	3mo ago Jan 23rd, 2026	BEC/Fraud Credential Phishing Evasion Social engineering Spoofing Header analysis Sender analysis Content analysis
Headers: Invalid recipient domain with mismatched reply-to from new sender	Sublime Security	5mo ago Nov 21st, 2025	BEC/Fraud Credential Phishing Spam Evasion Social engineering Header analysis Sender analysis
Headers: Self-sender using Microsoft CompAuth bypass with credential theft content	Sublime Security	4d ago Apr 21st, 2026	Credential Phishing Spoofing Evasion Natural Language Understanding Header analysis Sender analysis
Headers: System account impersonation with empty sender address	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Employee Social engineering Spoofing Header analysis Sender analysis Natural Language Understanding
Honorific greeting BEC attempt with sender and reply-to mismatch	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
HR impersonation via e-sign agreement comment	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
HTML smuggling containing recipient email address	Sublime Security	5mo ago Nov 4th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis File analysis Sender analysis
Impersonation: Chrome Web Store policy	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Impersonation: Brand Free email provider Lookalike domain Content analysis Header analysis HTML analysis Sender analysis URL analysis
Impersonation: Executive using numbered local part	Sublime Security	2mo ago Jan 30th, 2026	BEC/Fraud Free email provider Impersonation: VIP Social engineering Header analysis Sender analysis
Impersonation: Fake Gmail attachment	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Content analysis File analysis Sender analysis
Impersonation: Human Resources with link or attachment and engaging language	Sublime Security	9mo ago Jul 16th, 2025	BEC/Fraud Credential Phishing Impersonation: Employee Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Impersonation: Internal corporate services	Sublime Security	2mo ago Jan 28th, 2026	Credential Phishing Impersonation: Employee Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Impersonation: Legal firm with copyright infringement notice	Sublime Security	1mo ago Mar 10th, 2026	BEC/Fraud Extortion Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Impersonation: Recipient organization in sender display name with credential theft image	Sublime Security	2mo ago Feb 17th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Impersonation: Salesforce fake campaign failure notification	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis
Impersonation: SharePoint reply header anomaly	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Impersonation: Brand Evasion Spoofing Header analysis Content analysis Sender analysis
Impersonation: Social Security Administration (SSA)	Sublime Security	24d ago Apr 1st, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis
Impersonation: Suspected supplier impersonation with suspicious content	Sublime Security	1y ago Feb 3rd, 2025	BEC/Fraud Evasion Free email provider Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois
Impersonation using recipient domain (untrusted sender)	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Header analysis Sender analysis
Inbound message from popular service via newly observed distribution list	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Evasion Social engineering Header analysis Sender analysis
Invoicera infrastructure abuse	Sublime Security	2y ago Mar 7th, 2024	Credential Phishing Spam Free file host Free subdomain host Image as content Social engineering Content analysis Header analysis Sender analysis
Job scam (unsolicited sender)	Sublime Security	5mo ago Nov 3rd, 2025	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Job scam with specific salary pattern	Sublime Security	3mo ago Jan 21st, 2026	BEC/Fraud Social engineering Content analysis Natural Language Understanding Header analysis Sender analysis
Link: Abused Adobe Express	Sublime Security	9mo ago Jul 23rd, 2025	Credential Phishing Evasion Free subdomain host Free file host Content analysis Sender analysis URL analysis Whois HTML analysis
Link abuse: Self-service creation platform link with suspicious recipient behavior	Sublime Security	4mo ago Dec 2nd, 2025	BEC/Fraud Credential Phishing Spam Free email provider Social engineering Header analysis Sender analysis URL analysis
Link: Adobe share from unsolicited sender	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Free file host Evasion Content analysis Sender analysis
Link: Adobe share with suspicious indicators	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Free file host Content analysis URL screenshot Sender analysis Natural Language Understanding URL analysis
Link: Apple App Store malicious ad manager themed apps from free email provider	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing BEC/Fraud Malware/Ransomware Free email provider Social engineering Evasion Content analysis Sender analysis URL analysis
Link: Apple TestFlight from suspicious sender	Sublime Security	24d ago Apr 1st, 2026	Credential Phishing Free email provider Evasion Sender analysis URL analysis
Link: Cloud service with credential theft language	Sublime Security	2d ago Apr 23rd, 2026	Credential Phishing Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis
Link: Cryptocurrency fraud with suspicious links	Sublime Security	4mo ago Dec 1st, 2025	BEC/Fraud Social engineering Evasion Free subdomain host Scripting Content analysis Header analysis Javascript analysis Natural Language Understanding Sender analysis URL analysis URL screenshot Whois
Link: Direct download of executable file	Sublime Security	1mo ago Mar 2nd, 2026	Malware/Ransomware Evasion Sender analysis URL analysis
Link: Direct link to riddle.com hosted showcase	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Free file host Sender analysis URL analysis Header analysis
Link: Direct link to Zoom Docs from non-Zoom sender	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Social engineering Impersonation: Brand Header analysis URL analysis Sender analysis
Link: Direct MSI download from low reputation domain	Sublime Security	2mo ago Feb 19th, 2026	Malware/Ransomware Evasion Sender analysis URL analysis
Link: Executable file download with suspicious message content	Sublime Security	6mo ago Oct 16th, 2025	Credential Phishing Malware/Ransomware Evasion Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis Header analysis
Link: Figma design deck with credential theft language	Sublime Security	1mo ago Mar 4th, 2026	Credential Phishing Evasion Free file host Social engineering Natural Language Understanding Computer Vision Optical Character Recognition URL analysis URL screenshot Sender analysis
Link: File sharing impersonation with suspicious language and sending patterns	Sublime Security	5mo ago Oct 31st, 2025	BEC/Fraud Credential Phishing Social engineering Free subdomain host Impersonation: Brand Natural Language Understanding URL analysis Sender analysis Header analysis Content analysis
Link: Free file hosting with undisclosed recipients	Sublime Security	1mo ago Mar 19th, 2026	Credential Phishing Malware/Ransomware Free file host Free subdomain host Evasion Header analysis URL analysis Sender analysis Natural Language Understanding
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender	Sublime Security	9mo ago Jul 16th, 2025	Spam Free email provider Free file host Open redirect Social engineering Content analysis Sender analysis URL analysis
Link: Google Drawings link from new sender	Sublime Security	1mo ago Mar 9th, 2026	Credential Phishing BEC/Fraud Social engineering URL analysis Sender analysis
Link: Google Forms link with credential theft language	Sublime Security	1mo ago Mar 2nd, 2026	Credential Phishing Social engineering Natural Language Understanding Sender analysis URL analysis
Link: Google Translate (unsolicited)	@ajpc500	3mo ago Jan 12th, 2026	Credential Phishing Open redirect Sender analysis URL analysis
Link: Hotel booking spoofed display URL	Sublime Security	2mo ago Feb 17th, 2026	BEC/Fraud Credential Phishing Evasion Social engineering URL analysis Sender analysis
Link: Invoice or receipt from freemail sender with customer service number	@vector_sec	3mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing Free email provider Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis
Link: IPFS	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Free file host Free subdomain host IPFS Sender analysis URL analysis
Link: Jensi file preview link from unsolicited sender	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Free file host Free subdomain host Content analysis URL analysis Sender analysis
Link: Job recruitment lure from unsolicited sender with suspicious hosting	Sublime Security	18d ago Apr 7th, 2026	Credential Phishing Social engineering Content analysis Sender analysis URL analysis
Link: Microsoft impersonation using hosted png with suspicious link	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis

646 Rules

Page 7 of 13