Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Rule Name & Severity	Author	Last Updated	Labels
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD	Sublime Security	11d ago Apr 14th, 2026	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Anthropic Magic String in HTML	Sublime Security	2mo ago Feb 9th, 2026	Malware/Ransomware Exploit Content analysis
Attachment: Adobe image lure in body or attachment with suspicious link	Sublime Security	3mo ago Jan 5th, 2026	Credential Phishing Image as content Impersonation: Brand Content analysis Computer Vision Optical Character Recognition Sender analysis URL analysis
Attachment: Callback phishing solicitation via pdf file	Sublime Security	8mo ago Aug 5th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Attachment: EML containing a base64 encoded script	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion HTML smuggling Scripting Social engineering File analysis HTML analysis Sender analysis
Attachment: EML file contains HTML attachment with login portal indicators	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Javascript analysis Sender analysis
Attachment: EML file with HTML attachment (unsolicited)	Sublime Security	8mo ago Aug 20th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Sender analysis
Attachment: EML with link to credential phishing page	Sublime Security	9mo ago Jul 16th, 2025	Credential Phishing Evasion Free file host Free subdomain host Social engineering Computer Vision Content analysis File analysis Header analysis HTML analysis Natural Language Understanding Optical Character Recognition URL analysis URL screenshot
Attachment: EML with Sharepoint link likely unrelated to sender	Sublime Security	7mo ago Sep 23rd, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Evasion File analysis URL analysis Header analysis Sender analysis
Attachment: EML with suspicious indicators	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion HTML smuggling Social engineering Content analysis File analysis
Attachment: Fake attachment image lure	Sublime Security	7mo ago Sep 22nd, 2025	Credential Phishing Malware/Ransomware Evasion Image as content Social engineering File analysis Natural Language Understanding Optical Character Recognition
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Free email provider Out of band pivot Content analysis File analysis Natural Language Understanding
BEC/Fraud: Student loan callback phishing	Sublime Security	7mo ago Sep 5th, 2025	BEC/Fraud Free email provider Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Body: Embedded email headers indicative of thread hijacking/abuse	Sublime Security	4mo ago Dec 1st, 2025	Credential Phishing BEC/Fraud Spam Evasion Social engineering Spoofing Content analysis Header analysis Sender analysis
Body HTML: Comment with 24-character hex token	Sublime Security	1mo ago Mar 17th, 2026	Spam Evasion Content analysis HTML analysis
Body HTML: Recipient SLD in HTML class	Sublime Security	7mo ago Sep 23rd, 2025	Credential Phishing Evasion Social engineering HTML analysis Header analysis Sender analysis
Brand impersonation: Adobe Sign with suspicious indicators	Sublime Security	3mo ago Jan 8th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis Sender analysis
Brand impersonation: Booking.com	Sublime Security	1mo ago Mar 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Natural Language Understanding Header analysis Sender analysis
Brand impersonation: Capital One	Sublime Security	5mo ago Nov 17th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis Header analysis
Brand impersonation: DocuSign	Sublime Security	8d ago Apr 17th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis
Brand impersonation: Dropbox	Sublime Security	2mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis
Brand impersonation: Evite	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains	Sublime Security	4mo ago Dec 10th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis Header analysis Sender analysis URL analysis
Brand impersonation: Fake Fax	Sublime Security	2mo ago Feb 5th, 2026	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis
Brand impersonation: File sharing notification with template artifacts	Sublime Security	3mo ago Jan 23rd, 2026	Credential Phishing Impersonation: Brand Social engineering Evasion HTML analysis Computer Vision Content analysis Header analysis
Brand impersonation: Google Drive fake file share	Sublime Security	4mo ago Dec 19th, 2025	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision
Brand impersonation: Google Meet with malicious link	Sublime Security	2mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis
Brand impersonation: Google using Microsoft Forms	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Google Workspace alert notification	Sublime Security	4mo ago Dec 2nd, 2025	Credential Phishing Impersonation: Brand Social engineering Lookalike domain Header analysis Content analysis Sender analysis URL analysis
Brand impersonation: Greenvelope	Sublime Security	4mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Mailgun	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing BEC/Fraud Impersonation: Brand Sender analysis
Brand impersonation: Microsoft logo in HTML with fake quarantine release notification	Sublime Security	4mo ago Dec 10th, 2025	Credential Phishing Evasion Impersonation: Brand Social engineering Content analysis HTML analysis Sender analysis
Brand impersonation: Microsoft (QR code)	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis
Brand impersonation: Microsoft Teams invitation	Sublime Security	2mo ago Feb 6th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis URL analysis
Brand impersonation: Microsoft with low reputation links	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Brand impersonation: Paperless Post	Sublime Security	5mo ago Nov 6th, 2025	Credential Phishing Malware/Ransomware Impersonation: Brand Content analysis Header analysis HTML analysis Sender analysis URL analysis
Brand impersonation: Punchbowl	Sublime Security	2mo ago Feb 13th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: QuickBooks notification from Intuit themed company name	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis
Brand impersonation: Sharepoint	Sublime Security	3mo ago Jan 10th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Sender analysis
Brand impersonation: Sharepoint fake file share	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision
Brand impersonation: SharePoint PDF attachment with credential theft language	Sublime Security	5mo ago Nov 7th, 2025	Credential Phishing Impersonation: Brand Social engineering PDF Evasion Computer Vision File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis Header analysis Whois
Brand impersonation: UK government Home Office	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Lookalike domain Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Brand impersonation: USPS	Sublime Security	12d ago Apr 13th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Natural Language Understanding Sender analysis
Brand impersonation: Wells Fargo	Sublime Security	10d ago Apr 15th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Sender analysis
Brand impersonation: Zoom	Sublime Security	7mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Evasion Computer Vision Content analysis HTML analysis Natural Language Understanding URL analysis
Brand impersonation: Zoom via HTML styling	Sublime Security	1mo ago Feb 27th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	Sublime Security	3mo ago Jan 12th, 2026	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis
Callback phishing in body or attachment (untrusted sender)	Sublime Security	29d ago Mar 27th, 2026	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis
Callback phishing: SumUp infrastructure abuse	Sublime Security	7mo ago Sep 5th, 2025	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis
Callback phishing via Apple ID display name abuse	Sublime Security	17d ago Apr 8th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis

131 Rules

Page 1 of 3