Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Feb 6th, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Link: HR impersonation with suspicious domain indicators and credential theft	Sublime Security	2mo ago Dec 3rd, 2025	Credential Phishing Impersonation: Employee Social engineering Lookalike domain Content analysis Natural Language Understanding Computer Vision URL analysis URL screenshot	/feeds/core/detection-rules/link-hr-impersonation-with-suspicious-domain-indicators-and-credential-theft-f31f8831
Link: Recipient domain in URL path	Sublime Security	26d ago Jan 12th, 2026	Credential Phishing Lookalike domain Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/link-recipient-domain-in-url-path-de08731f
Link to a domain with punycode characters	@ajpc500	2mo ago Nov 12th, 2025	Credential Phishing Evasion Lookalike domain Punycode Sender analysis URL analysis	/feeds/core/detection-rules/link-to-a-domain-with-punycode-characters-74b3698c
Lookalike sender domain (untrusted sender)	Sublime Security	6mo ago Jul 16th, 2025	BEC/Fraud Credential Phishing Malware/Ransomware Lookalike domain Social engineering Sender analysis	/feeds/core/detection-rules/lookalike-sender-domain-untrusted-sender-67721993
Punycode sender domain	Sublime Security	3y ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion Lookalike domain Punycode Social engineering Sender analysis	/feeds/core/detection-rules/punycode-sender-domain-bc3d8db5
Sharepoint link likely unrelated to sender	Sublime Security	26d ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Employee Lookalike domain OneNote PDF Social engineering URL analysis Sender analysis Header analysis HTML analysis	/feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489
Spam/fraud: Predatory journal/research paper request	Sublime Security	3mo ago Nov 3rd, 2025	BEC/Fraud Spam Social engineering Impersonation: Brand Lookalike domain Evasion Natural Language Understanding Content analysis Sender analysis URL analysis Whois	/feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b
Suspected lookalike domain with suspicious language	Sublime Security	26d ago Jan 12th, 2026	BEC/Fraud Evasion Lookalike domain Social engineering Content analysis Natural Language Understanding Sender analysis Whois	/feeds/core/detection-rules/suspected-lookalike-domain-with-suspicious-language-3674ced0
Vendor impersonation: Thread hijacking with typosquat domain	Sublime Security	26d ago Jan 12th, 2026	BEC/Fraud Lookalike domain Social engineering Spoofing Content analysis Natural Language Understanding Sender analysis Whois	/feeds/core/detection-rules/vendor-impersonation-thread-hijacking-with-typosquat-domain-9c2f38ed

59 Rules

Page 2 of 2