Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 30th, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Link: HR impersonation with suspicious domain indicators and credential theft	Sublime Security	3mo ago Dec 3rd, 2025	Credential Phishing Impersonation: Employee Social engineering Lookalike domain Content analysis Natural Language Understanding Computer Vision URL analysis URL screenshot
Link: Recipient domain in URL path	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Lookalike domain Header analysis Sender analysis URL analysis
Link to a domain with punycode characters	@ajpc500	4mo ago Nov 12th, 2025	Credential Phishing Evasion Lookalike domain Punycode Sender analysis URL analysis
Lookalike sender domain (untrusted sender)	Sublime Security	5d ago Mar 25th, 2026	BEC/Fraud Credential Phishing Malware/Ransomware Lookalike domain Social engineering Sender analysis
Punycode sender domain	Sublime Security	3y ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion Lookalike domain Punycode Social engineering Sender analysis
Sharepoint link likely unrelated to sender	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Employee Lookalike domain OneNote PDF Social engineering URL analysis Sender analysis Header analysis HTML analysis
Spam/fraud: Predatory journal/research paper request	Sublime Security	4mo ago Nov 3rd, 2025	BEC/Fraud Spam Social engineering Impersonation: Brand Lookalike domain Evasion Natural Language Understanding Content analysis Sender analysis URL analysis Whois
Suspected lookalike domain with suspicious language	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Evasion Lookalike domain Social engineering Content analysis Natural Language Understanding Sender analysis Whois
Vendor impersonation: Thread hijacking with typosquat domain	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Lookalike domain Social engineering Spoofing Content analysis Natural Language Understanding Sender analysis Whois

59 Rules

Page 2 of 2