Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Jan 8th, 2026
Feed Source
GitHub
Rule Name & Severity
Last Updated
Spam: Image as content with hidden HTML element
Sublime Security
5mo ago
Aug 5th, 2025
Spam
Evasion
Image as content
Content analysis
HTML analysis
Sender analysis
Spam
Evasion
Image as content
Content analysis
HTML analysis
Sender analysis
/feeds/core/detection-rules/spam-image-as-content-with-hidden-html-element-5de8861f
Spam: Item giveaway spam template
Sublime Security
5mo ago
Aug 5th, 2025
Spam
Image as content
Content analysis
HTML analysis
Sender analysis
Exif analysis
Spam
Image as content
Content analysis
HTML analysis
Sender analysis
Exif analysis
/feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b
Spam: Unsolicited WordPress account creation or password reset request
Sublime Security
1mo ago
Nov 24th, 2025
Spam
Social engineering
Header analysis
Sender analysis
URL analysis
Spam
Social engineering
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/spam-unsolicited-wordpress-account-creation-or-password-reset-request-e182b6b2
Spam: Website errors solicitation
Sublime Security
28d ago
Dec 11th, 2025
Spam
Content analysis
Sender analysis
Natural Language Understanding
Spam
Content analysis
Sender analysis
Natural Language Understanding
/feeds/core/detection-rules/spam-website-errors-solicitation-122ea794
Suspicious invoice reference with missing or image-only attachments
Sublime Security
1mo ago
Dec 2nd, 2025
Credential Phishing
Social engineering
Content analysis
Computer Vision
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Social engineering
Content analysis
Computer Vision
File analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/suspicious-invoice-reference-with-missing-or-image-only-attachments-466c1680
Unicode QR code
Sublime Security
4mo ago
Aug 25th, 2025
Credential Phishing
Evasion
Content analysis
Sender analysis
QR code analysis
Credential Phishing
Evasion
Content analysis
Sender analysis
QR code analysis
/feeds/core/detection-rules/unicode-qr-code-1a0bdd25
Venmo payment request abuse
Sublime Security
4mo ago
Sep 5th, 2025
Callback Phishing
BEC/Fraud
Social engineering
Impersonation: Brand
Evasion
Natural Language Understanding
Content analysis
Sender analysis
HTML analysis
Callback Phishing
BEC/Fraud
Social engineering
Impersonation: Brand
Evasion
Natural Language Understanding
Content analysis
Sender analysis
HTML analysis
/feeds/core/detection-rules/venmo-payment-request-abuse-4450639a
VIP impersonation: Fake thread with display name match, email mismatch
Sublime Security
2y ago
Jul 29th, 2024
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
/feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28
VIP impersonation with charitable donation fraud
Sublime Security
1mo ago
Nov 12th, 2025
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e
Zoom Events newsletter abuse
Sublime Security
3mo ago
Sep 22nd, 2025
Credential Phishing
Free file host
Free subdomain host
Social engineering
Impersonation: Brand
Header analysis
HTML analysis
Natural Language Understanding
URL analysis
Credential Phishing
Free file host
Free subdomain host
Social engineering
Impersonation: Brand
Header analysis
HTML analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/zoom-events-newsletter-abuse-c8fce846
110 Rules
Page 3 of 3