Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Brand impersonation: Bank of America	Sublime Security	24d ago Mar 31st, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Barracuda Networks	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Binance	Sublime Security	7mo ago Sep 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis
Brand impersonation: Blockchain[.]com	Sublime Security	3mo ago Jan 21st, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Booking.com	Sublime Security	1mo ago Mar 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Natural Language Understanding Header analysis Sender analysis
Brand impersonation: Box file sharing service	Sublime Security	7mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: Capital One	Sublime Security	5mo ago Nov 17th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis Header analysis
Brand impersonation: Charles Schwab	Sublime Security	7mo ago Sep 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Chase Bank	Sublime Security	1mo ago Mar 2nd, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Chase bank with credential phishing indicators	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Natural Language Understanding Sender analysis URL analysis
Brand impersonation: Coinbase	Sublime Security	5mo ago Nov 4th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Dashlane	Sublime Security	9mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis
Brand impersonation: DHL	Sublime Security	4mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: DigitalOcean	Sublime Security	7mo ago Sep 18th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Discord notification	Sublime Security	6mo ago Oct 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis
Brand Impersonation: Disney	Sublime Security	1mo ago Mar 4th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis
Brand impersonation: DocSend	Sublime Security	1mo ago Mar 18th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: DocuSign	Sublime Security	7d ago Apr 17th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis
Brand impersonation: DocuSign branded attachment lure with no DocuSign links	Sublime Security	6mo ago Oct 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL screenshot
Brand impersonation: DocuSign PDF attachment with suspicious link	Sublime Security	6mo ago Oct 22nd, 2025	Credential Phishing Impersonation: Brand PDF Social engineering File analysis Natural Language Understanding Optical Character Recognition URL analysis
Brand impersonation: DocuSign (QR code)	Sublime Security	6mo ago Oct 15th, 2025	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis
Brand impersonation: DoorDash	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis
Brand impersonation: Dotloop	Sublime Security	9mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis
Brand impersonation: Dropbox	Sublime Security	2mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis
Brand impersonation: Enbridge	Sublime Security	1y ago Jan 24th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Evite	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Exodus	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains	Sublime Security	4mo ago Dec 10th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis Header analysis Sender analysis URL analysis
Brand impersonation: Fake Fax	Sublime Security	2mo ago Feb 5th, 2026	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis
Brand impersonation: Fastway	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis
Brand impersonation: FedEx	Sublime Security	1mo ago Mar 16th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: File sharing notification with template artifacts	Sublime Security	3mo ago Jan 23rd, 2026	Credential Phishing Impersonation: Brand Social engineering Evasion HTML analysis Computer Vision Content analysis Header analysis
Brand impersonation: FINRA	Sublime Security	6mo ago Oct 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand Impersonation: Gemini Trust Company	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis Sender analysis Header analysis
Brand impersonation: Github	Sublime Security	5mo ago Nov 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: GitHub with callback scam indicators	Sublime Security	1mo ago Mar 11th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Brand impersonation: GoDaddy	Sublime Security	7mo ago Sep 17th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis
Brand impersonation: Google Careers	Sublime Security	5mo ago Nov 12th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis URL analysis
Brand impersonation: Google Drive fake file share	Sublime Security	4mo ago Dec 19th, 2025	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision
Brand impersonation: Google fake sign-in warning	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Optical Character Recognition Sender analysis URL analysis
Brand impersonation: Google Meet with malicious link	Sublime Security	2mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis
Brand impersonation: Google using Microsoft Forms	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Google Workspace alert notification	Sublime Security	4mo ago Dec 2nd, 2025	Credential Phishing Impersonation: Brand Social engineering Lookalike domain Header analysis Content analysis Sender analysis URL analysis
Brand impersonation: Greenvelope	Sublime Security	4mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis
Brand impersonation: Gusto	Sublime Security	2mo ago Feb 18th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: Hulu	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis
Brand impersonation: Interac	Sublime Security	2y ago Sep 16th, 2024	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Brand impersonation: Internal Revenue Service	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: KnowBe4	Sublime Security	2y ago Nov 25th, 2024	Credential Phishing Spam Free email provider Impersonation: Brand Lookalike domain Social engineering Computer Vision Header analysis Sender analysis
Brand impersonation: LastPass	Sublime Security	1mo ago Mar 5th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis Header analysis

564 Rules

Page 3 of 12