Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jun 24th, 2026

Feed Source

GitHub

Rule Name & Severity	Author	Last Updated	Labels
Abuse: Robinhood injected content	Sublime Security	1mo ago Apr 30th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis Sender analysis
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD	Sublime Security	9d ago Jun 15th, 2026	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Anthropic Magic String in HTML	Sublime Security	4mo ago Feb 9th, 2026	Malware/Ransomware Exploit Content analysis
Attachment: Adobe image lure in body or attachment with suspicious link	Sublime Security	19d ago Jun 5th, 2026	Credential Phishing Image as content Impersonation: Brand Content analysis Computer Vision Optical Character Recognition Sender analysis URL analysis
Attachment: Callback phishing solicitation via pdf file	Sublime Security	19d ago Jun 5th, 2026	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Attachment: EML containing a base64 encoded script	Sublime Security	5mo ago Jan 12th, 2026	Credential Phishing Evasion HTML smuggling Scripting Social engineering File analysis HTML analysis Sender analysis
Attachment: EML file contains HTML attachment with login portal indicators	Sublime Security	19d ago Jun 5th, 2026	Credential Phishing Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Javascript analysis Sender analysis
Attachment: EML file with HTML attachment (unsolicited)	Sublime Security	10mo ago Aug 20th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Sender analysis
Attachment: EML with link to credential phishing page	Sublime Security	11mo ago Jul 16th, 2025	Credential Phishing Evasion Free file host Free subdomain host Social engineering Computer Vision Content analysis File analysis Header analysis HTML analysis Natural Language Understanding Optical Character Recognition URL analysis URL screenshot
Attachment: EML with Sharepoint link likely unrelated to sender	Sublime Security	9mo ago Sep 23rd, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Evasion File analysis URL analysis Header analysis Sender analysis
Attachment: EML with suspicious indicators	Sublime Security	5mo ago Jan 12th, 2026	Credential Phishing Evasion HTML smuggling Social engineering Content analysis File analysis
Attachment: Fake attachment image lure	Sublime Security	19d ago Jun 5th, 2026	Credential Phishing Malware/Ransomware Evasion Image as content Social engineering File analysis Natural Language Understanding Optical Character Recognition
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail	Sublime Security	19d ago Jun 5th, 2026	BEC/Fraud Free email provider Out of band pivot Content analysis File analysis Natural Language Understanding
BEC/Fraud: Student loan callback phishing	Sublime Security	1mo ago May 4th, 2026	BEC/Fraud Free email provider Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Body: Embedded email headers indicative of thread hijacking/abuse	Sublime Security	6mo ago Dec 1st, 2025	Credential Phishing BEC/Fraud Spam Evasion Social engineering Spoofing Content analysis Header analysis Sender analysis
Body: Fake secure email portal with HTML obfuscation	Sublime Security	6d ago Jun 18th, 2026	Credential Phishing Evasion Social engineering Spoofing Content analysis HTML analysis URL analysis Sender analysis Threat intelligence
Body HTML: Comment with 24-character hex token	Sublime Security	3mo ago Mar 17th, 2026	Spam Evasion Content analysis HTML analysis
Body HTML: Recipient SLD in HTML class	Sublime Security	9mo ago Sep 23rd, 2025	Credential Phishing Evasion Social engineering HTML analysis Header analysis Sender analysis
Body: HTML whitespace stuffing with short initial message	Sublime Security	26d ago May 29th, 2026	Credential Phishing Evasion Social engineering Content analysis HTML analysis Header analysis
Body: Yellow highlighted text markers	Sublime Security	8d ago Jun 16th, 2026	Credential Phishing BEC/Fraud Evasion HTML analysis Content analysis
Brand impersonation: Adobe Sign with suspicious indicators	Sublime Security	14d ago Jun 10th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis Sender analysis
Brand impersonation: Booking.com	Sublime Security	1mo ago May 6th, 2026	Credential Phishing Impersonation: Brand Social engineering Natural Language Understanding Header analysis Sender analysis
Brand impersonation: Capital One	Sublime Security	19d ago Jun 5th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis Header analysis
Brand impersonation: Cloud services with credential theft intent	Sublime Security	6d ago Jun 18th, 2026	Credential Phishing Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis
Brand impersonation: DocuSign	Sublime Security	23d ago Jun 1st, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis
Brand impersonation: Dropbox	Sublime Security	4mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis
Brand impersonation: Evite	Sublime Security	5mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains	Sublime Security	19d ago Jun 5th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis Header analysis Sender analysis URL analysis
Brand impersonation: Fake Fax	Sublime Security	7d ago Jun 17th, 2026	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis
Brand impersonation: Figma with malicious document access overlay	Sublime Security	28d ago May 27th, 2026	Credential Phishing Impersonation: Brand Social engineering Image as content Sender analysis HTML analysis URL screenshot Optical Character Recognition URL analysis
Brand impersonation: File sharing notification with template artifacts	Sublime Security	5mo ago Jan 23rd, 2026	Credential Phishing Impersonation: Brand Social engineering Evasion HTML analysis Computer Vision Content analysis Header analysis
Brand impersonation: Google Drive fake file share	Sublime Security	3h ago Jun 24th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision
Brand impersonation: Google Meet with malicious link	Sublime Security	4mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis
Brand impersonation: Google using Microsoft Forms	Sublime Security	5mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Google Workspace alert notification	Sublime Security	6mo ago Dec 2nd, 2025	Credential Phishing Impersonation: Brand Social engineering Lookalike domain Header analysis Content analysis Sender analysis URL analysis
Brand impersonation: Greenvelope	Sublime Security	6mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Mailgun	Sublime Security	5mo ago Jan 12th, 2026	Credential Phishing BEC/Fraud Impersonation: Brand Sender analysis
Brand impersonation: Microsoft logo in HTML with fake quarantine release notification	Sublime Security	6mo ago Dec 10th, 2025	Credential Phishing Evasion Impersonation: Brand Social engineering Content analysis HTML analysis Sender analysis
Brand impersonation: Microsoft (QR code)	Sublime Security	5mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis
Brand impersonation: Microsoft Teams invitation	Sublime Security	4mo ago Feb 6th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis URL analysis
Brand impersonation: Microsoft with low reputation links	Sublime Security	19d ago Jun 5th, 2026	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Brand impersonation: Paperless Post	Sublime Security	1mo ago May 18th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Content analysis Header analysis HTML analysis Sender analysis URL analysis
Brand impersonation: Punchbowl	Sublime Security	1mo ago Apr 27th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: QuickBooks notification from Intuit themed company name	Sublime Security	5mo ago Jan 12th, 2026	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis
Brand impersonation: Robinhood	Sublime Security	19d ago Jun 5th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis URL analysis
Brand impersonation: Sharepoint	Sublime Security	23d ago Jun 1st, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Sender analysis
Brand impersonation: Sharepoint fake file share	Sublime Security	5mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision
Brand impersonation: SharePoint PDF attachment with credential theft language	Sublime Security	1mo ago May 4th, 2026	Credential Phishing Impersonation: Brand Social engineering PDF Evasion Computer Vision File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis Header analysis Whois
Brand impersonation: Social Security Administration	Sublime Security	13d ago Jun 11th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis
Brand impersonation: UK government Home Office	Sublime Security	5mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Lookalike domain Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis

146 Rules

Page 1 of 3