Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 27th, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Reconnaissance: Hotel booking reply-to redirect	Sublime Security	2mo ago Jan 27th, 2026	BEC/Fraud Free email provider Social engineering Content analysis Header analysis Sender analysis
Reconnaissance: Short generic greeting message	Sublime Security	2mo ago Jan 27th, 2026	BEC/Fraud Callback Phishing Social engineering Free email provider Content analysis Header analysis Natural Language Understanding Sender analysis
Request for Quote or Purchase (RFQ\|RFP) with suspicious sender or recipient pattern	Sublime Security	21d ago Mar 9th, 2026	BEC/Fraud Evasion Free email provider Content analysis Natural Language Understanding URL analysis
Scam: Piano giveaway	Sublime Security	3mo ago Dec 11th, 2025	BEC/Fraud Free email provider Content analysis Natural Language Understanding Sender analysis
Service abuse: Free provider with SendGrid routing	Sublime Security	2mo ago Jan 8th, 2026	Credential Phishing Free email provider Evasion Header analysis Sender analysis
Service abuse: Google Drive share from an unsolicited reply-to address	Sublime Security	7mo ago Aug 5th, 2025	BEC/Fraud Callback Phishing Credential Phishing Free email provider Social engineering Free file host Header analysis Sender analysis
Service abuse: Google Drive share from new reply-to domain	Sublime Security	4mo ago Nov 13th, 2025	BEC/Fraud Callback Phishing Credential Phishing Free email provider Social engineering Free file host Header analysis Sender analysis Whois
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Sender analysis
Spam: Fake dating profile notification	Sublime Security	10d ago Mar 20th, 2026	Spam Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Spam: New link domain (<=10d) and emojis	Sublime Security	8mo ago Jul 16th, 2025	Spam Free email provider Content analysis Sender analysis URL analysis Whois
Spam: Sexually explicit content with emoji in subject from freemail provider	Sublime Security	20d ago Mar 10th, 2026	Spam Free email provider Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Spam: Sexually explicit Google Drive share	Sublime Security	7mo ago Aug 5th, 2025	Spam Social engineering Free email provider Content analysis Sender analysis
Spam: Sexually explicit Google group invitation	Sublime Security	4mo ago Nov 12th, 2025	Spam Free email provider Social engineering Content analysis Sender analysis
Spam: Sexually explicit Looker Studio report	Sublime Security	5mo ago Oct 2nd, 2025	Spam Social engineering Free email provider Content analysis Sender analysis
Spam: SMTP & Proxy Communications in Email Body	Sublime Security	3mo ago Dec 2nd, 2025	Spam Free email provider Content analysis
Spam: Unsolicited malformed PDF	Sublime Security	8mo ago Jul 16th, 2025	Spam Evasion Free email provider PDF Content analysis File analysis Sender analysis
Spam: URL shortener with short body content and emojis	Sublime Security	2mo ago Jan 12th, 2026	Spam Free email provider Content analysis Sender analysis URL analysis
Suspicious mailer received from Gmail servers	Sublime Security	8mo ago Jul 16th, 2025	Callback Phishing Spam Free email provider Social engineering Header analysis
Suspicious request for financial information	Sublime Security	3mo ago Dec 6th, 2025	BEC/Fraud Free email provider Impersonation: Employee Impersonation: VIP Social engineering Content analysis Header analysis Sender analysis
Suspicious SharePoint file sharing	Sublime Security	7mo ago Aug 5th, 2025	Credential Phishing Free email provider Free file host OneNote PDF Content analysis Header analysis Sender analysis URL analysis
VIP Impersonation via Google Group relay with suspicious indicators	Sublime Security	4mo ago Nov 12th, 2025	BEC/Fraud Credential Phishing Malware/Ransomware Evasion Free email provider Impersonation: Employee Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis

71 Rules

Page 2 of 2