Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jan 23rd, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Brand impersonation: Purdue ePlanroom with suspicious links	Sublime Security	1mo ago Dec 2nd, 2025	Credential Phishing BEC/Fraud Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-purdue-eplanroom-with-suspicious-links-4db5b0b6
Brand impersonation: Quickbooks	Sublime Security	9d ago Jan 15th, 2026	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1
Brand impersonation: QuickBooks notification from Intuit themed company name	Sublime Security	12d ago Jan 12th, 2026	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-quickbooks-notification-from-intuit-themed-company-name-42058fc4
Brand impersonation: Ripple	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-ripple-68b39736
Brand impersonation: Robert Half	Sublime Security	3mo ago Oct 1st, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-robert-half-74f8826c
Brand impersonation: SendGrid	Sublime Security	12d ago Jan 12th, 2026	BEC/Fraud Credential Phishing Spam Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f
Brand impersonation: Sharepoint	Sublime Security	14d ago Jan 10th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70
Brand impersonation: Sharepoint fake file share	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Computer Vision	/feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b
Brand impersonation: SharePoint PDF attachment with credential theft language	Sublime Security	2mo ago Nov 7th, 2025	Credential Phishing Impersonation: Brand Social engineering PDF Evasion Computer Vision File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis Header analysis Whois	/feeds/core/detection-rules/brand-impersonation-sharepoint-pdf-attachment-with-credential-theft-language-ae3756fa
Brand Impersonation: Shein	Sublime Security	3mo ago Oct 15th, 2025	Credential Phishing Spam Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-shein-b5843f22
Brand impersonation: Silicon Valley Bank	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis Whois	/feeds/core/detection-rules/brand-impersonation-silicon-valley-bank-a01f61d9
Brand impersonation: SiriusXM	Sublime Security	5mo ago Aug 5th, 2025	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-siriusxm-70eb3792
Brand impersonation: Spotify	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-spotify-70e80f91
Brand impersonation: Square	Sublime Security	3mo ago Oct 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-square-63f9b449
Brand impersonation: Squarespace	Sublime Security	4mo ago Sep 11th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-squarespace-f806de6f
Brand impersonation: State Farm	Sublime Security	1mo ago Dec 17th, 2025	Credential Phishing Impersonation: Brand Social engineering Spoofing Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-state-farm-bcf7eba0
Brand impersonation: Stellar Development Foundation (SDF)	Sublime Security	6mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-stellar-development-foundation-sdf-2af9ab94
Brand Impersonation: Stripe	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-stripe-862d4654
Brand impersonation: Stripe notification	Sublime Security	3mo ago Sep 26th, 2025	Credential Phishing Evasion Impersonation: Brand Social engineering Content analysis Header analysis URL analysis Whois	/feeds/core/detection-rules/brand-impersonation-stripe-notification-3ffd2b03
Brand impersonation: Sublime Security	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-sublime-security-949484ed
Brand impersonation: Survey request with credential theft indicators	Sublime Security	2mo ago Nov 8th, 2025	Credential Phishing Social engineering Impersonation: Brand Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-survey-request-with-credential-theft-indicators-ea1c0e09
Brand impersonation: TikTok	Sublime Security	2mo ago Oct 30th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7
Brand impersonation: Toronto-Dominion Bank	Sublime Security	3mo ago Oct 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-toronto-dominion-bank-2dc16a55
Brand impersonation: Trust Wallet	Sublime Security	5mo ago Aug 5th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Natural Language Understanding Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-trust-wallet-e456974c
Brand impersonation: TurboTax	Sublime Security	7mo ago Jun 12th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-turbotax-90084031
Brand impersonation: Twitter	Sublime Security	2mo ago Nov 13th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-twitter-013c32c2
Brand impersonation: UK government Home Office	Sublime Security	12d ago Jan 12th, 2026	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Lookalike domain Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-uk-government-home-office-f35d846a
Brand impersonation: ukr[.]net	Sublime Security	3y ago Aug 21st, 2023	Credential Phishing Impersonation: Brand Social engineering Sender analysis Threat intelligence	/feeds/core/detection-rules/brand-impersonation-ukrnet-3cb4015f
Brand impersonation: United Healthcare	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-united-healthcare-f8dfff1a
Brand impersonation: UPS	Sublime Security	4mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis	/feeds/core/detection-rules/brand-impersonation-ups-73b68869
Brand impersonation: USPS	Sublime Security	4d ago Jan 20th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-usps-28b9130a
Brand impersonation: Vanta	@itsRobPicard	2y ago Apr 23rd, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-vanta-883d4382
Brand impersonation: Venmo	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-venmo-0ab15d4f
Brand impersonation: Wells Fargo	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-wells-fargo-02d7301f
Brand impersonation: Wise	Sublime Security	1mo ago Dec 12th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-wise-01480f95
Brand impersonation: Wix	Sublime Security	4mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-wix-45e7b99f
Brand impersonation: Xodo Sign	Sublime Security	8d ago Jan 16th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-xodo-sign-e6139052
Brand impersonation: Zoom	Sublime Security	4mo ago Sep 22nd, 2025	Credential Phishing Impersonation: Brand Social engineering Evasion Computer Vision Content analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/brand-impersonation-zoom-5abad540
Brand impersonation: Zoom (strict)	Sublime Security	2y ago Aug 4th, 2024	Credential Phishing Impersonation: Brand Social engineering Sender analysis	/feeds/core/detection-rules/brand-impersonation-zoom-strict-00f3d94f
Business Email Compromise (BEC) attempt from unsolicited sender	Sublime Security	6mo ago Jul 16th, 2025	BEC/Fraud Social engineering Spoofing Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/business-email-compromise-bec-attempt-from-unsolicited-sender-57eccc45
Business Email Compromise (BEC) attempt from untrusted sender	Sublime Security	12d ago Jan 12th, 2026	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-96d4c35a
Business Email Compromise (BEC) attempt from untrusted sender (French/Français)	Sublime Security	6mo ago Jul 16th, 2025	BEC/Fraud Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-frenchfrancais-b7d1e096
Business Email Compromise (BEC) with request for mobile number	Sublime Security	12d ago Jan 12th, 2026	BEC/Fraud Social engineering Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/business-email-compromise-bec-with-request-for-mobile-number-514ffd68
Business Email Compromise: Request for mobile number via reply thread hijacking	Sublime Security	12d ago Jan 12th, 2026	BEC/Fraud Social engineering Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/business-email-compromise-request-for-mobile-number-via-reply-thread-hijacking-0282f346
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	Sublime Security	12d ago Jan 12th, 2026	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed
Callback phishing: Branded invoice from sender/reply-to domain less than 30 days old	Sublime Security	3mo ago Oct 17th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Header analysis Natural Language Understanding Optical Character Recognition Whois	/feeds/core/detection-rules/callback-phishing-branded-invoice-from-senderreply-to-domain-less-than-30-days-old-e6f4af53
Callback phishing in body or attachment (untrusted sender)	Sublime Security	2d ago Jan 22nd, 2026	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis	/feeds/core/detection-rules/callback-phishing-in-body-or-attachment-untrusted-sender-b93c6f94
Callback phishing: Social Security Administration fraud	Sublime Security	12d ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Callback phishing solicitation in message body	Sublime Security	3mo ago Oct 17th, 2025	Callback Phishing Free email provider Impersonation: Brand Out of band pivot Social engineering File analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-solicitation-in-message-body-10a3a446
Callback phishing: SumUp infrastructure abuse	Sublime Security	4mo ago Sep 5th, 2025	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-sumup-infrastructure-abuse-1c41649e

468 Rules

Page 4 of 10