Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Feb 12th, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Last Updated
Attachment with VBA macros from employee impersonation (unsolicited)
Sublime Security
1mo ago
Jan 12th, 2026
Malware/Ransomware
Impersonation: Employee
Macros
Social engineering
Archive analysis
File analysis
Macro analysis
Sender analysis
Malware/Ransomware
Impersonation: Employee
Macros
Social engineering
Archive analysis
File analysis
Macro analysis
Sender analysis
/feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123
BEC: Employee impersonation with subject manipulation
Sublime Security
28d ago
Jan 16th, 2026
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b
Benefits enrollment impersonation
Sublime Security
1mo ago
Jan 12th, 2026
Credential Phishing
Evasion
Impersonation: Employee
Out of band pivot
Social engineering
Content analysis
Header analysis
Sender analysis
Credential Phishing
Evasion
Impersonation: Employee
Out of band pivot
Social engineering
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/benefits-enrollment-impersonation-5a6eb5a8
Canva infrastructure abuse
Sublime Security
7d ago
Feb 6th, 2026
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
/feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c
Credential phishing: Generic document sharing
Sublime Security
8d ago
Feb 5th, 2026
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
/feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c
Employee impersonation: Payroll fraud
Sublime Security
6mo ago
Aug 5th, 2025
BEC/Fraud
Impersonation: Employee
Free email provider
Social engineering
Content analysis
Sender analysis
BEC/Fraud
Impersonation: Employee
Free email provider
Social engineering
Content analysis
Sender analysis
/feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85
Employee impersonation with urgent request (untrusted sender)
Sublime Security
1mo ago
Jan 12th, 2026
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146
Headers: System account impersonation with empty sender address
Sublime Security
1mo ago
Jan 12th, 2026
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
/feeds/core/detection-rules/headers-system-account-impersonation-with-empty-sender-address-887f7953
Impersonation: Human Resources with link or attachment and engaging language
Sublime Security
7mo ago
Jul 16th, 2025
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8
Impersonation: Internal corporate services
Sublime Security
16d ago
Jan 28th, 2026
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/impersonation-internal-corporate-services-3cd04f33
Link: HR impersonation with suspicious domain indicators and credential theft
Sublime Security
2mo ago
Dec 3rd, 2025
Credential Phishing
Impersonation: Employee
Social engineering
Lookalike domain
Content analysis
Natural Language Understanding
Computer Vision
URL analysis
URL screenshot
Credential Phishing
Impersonation: Employee
Social engineering
Lookalike domain
Content analysis
Natural Language Understanding
Computer Vision
URL analysis
URL screenshot
/feeds/core/detection-rules/link-hr-impersonation-with-suspicious-domain-indicators-and-credential-theft-f31f8831
Link: SharePoint filename matches org name
Sublime Security
7d ago
Feb 6th, 2026
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
URL analysis
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
URL analysis
/feeds/core/detection-rules/link-sharepoint-filename-matches-org-name-cb954726
Service Abuse: Box file sharing with credential phishing intent
Sublime Security
1mo ago
Jan 12th, 2026
Credential Phishing
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Impersonation: Employee
Impersonation: VIP
Content analysis
Natural Language Understanding
Sender analysis
Header analysis
Credential Phishing
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Impersonation: Employee
Impersonation: VIP
Content analysis
Natural Language Understanding
Sender analysis
Header analysis
/feeds/core/detection-rules/service-abuse-box-file-sharing-with-credential-phishing-intent-5bd0cb25
Sharepoint link likely unrelated to sender
Sublime Security
1mo ago
Jan 12th, 2026
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
/feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489
Suspicious attachment with unscannable Cloudflare link
Sublime Security
1mo ago
Jan 12th, 2026
Credential Phishing
Evasion
PDF
Social engineering
Impersonation: Employee
Impersonation: VIP
File analysis
URL analysis
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
Credential Phishing
Evasion
PDF
Social engineering
Impersonation: Employee
Impersonation: VIP
File analysis
URL analysis
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
/feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f
Suspicious request for financial information
Sublime Security
2mo ago
Dec 6th, 2025
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d
VIP Impersonation via Google Group relay with suspicious indicators
Sublime Security
3mo ago
Nov 12th, 2025
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b
VIP impersonation with charitable donation fraud
Sublime Security
3mo ago
Nov 12th, 2025
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e
Xero invoice abuse
Sublime Security
1mo ago
Dec 17th, 2025
BEC/Fraud
Credential Phishing
Impersonation: Brand
Impersonation: Employee
Social engineering
Natural Language Understanding
Content analysis
Sender analysis
BEC/Fraud
Credential Phishing
Impersonation: Brand
Impersonation: Employee
Social engineering
Natural Language Understanding
Content analysis
Sender analysis
/feeds/core/detection-rules/xero-invoice-abuse-6538c600
19 Rules