Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 27th, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Last Updated
Attachment with VBA macros from employee impersonation (unsolicited)
Sublime Security
2mo ago
Jan 12th, 2026
Malware/Ransomware
Impersonation: Employee
Macros
Social engineering
Archive analysis
File analysis
Macro analysis
Sender analysis
Malware/Ransomware
Impersonation: Employee
Macros
Social engineering
Archive analysis
File analysis
Macro analysis
Sender analysis
BEC: Employee impersonation with subject manipulation
Sublime Security
2mo ago
Jan 16th, 2026
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Benefits enrollment impersonation
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Evasion
Impersonation: Employee
Out of band pivot
Social engineering
Content analysis
Header analysis
Sender analysis
Credential Phishing
Evasion
Impersonation: Employee
Out of band pivot
Social engineering
Content analysis
Header analysis
Sender analysis
Canva infrastructure abuse
Sublime Security
1mo ago
Feb 6th, 2026
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
Credential phishing: Generic document sharing
Sublime Security
1mo ago
Feb 14th, 2026
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
Employee impersonation: Payroll fraud
Sublime Security
7mo ago
Aug 5th, 2025
BEC/Fraud
Impersonation: Employee
Free email provider
Social engineering
Content analysis
Sender analysis
BEC/Fraud
Impersonation: Employee
Free email provider
Social engineering
Content analysis
Sender analysis
Employee impersonation with urgent request (untrusted sender)
Sublime Security
2mo ago
Jan 12th, 2026
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Headers: System account impersonation with empty sender address
Sublime Security
2mo ago
Jan 12th, 2026
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Spoofing
Header analysis
Sender analysis
Natural Language Understanding
Impersonation: Human Resources with link or attachment and engaging language
Sublime Security
8mo ago
Jul 16th, 2025
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Impersonation: Internal corporate services
Sublime Security
2mo ago
Jan 28th, 2026
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Link: HR impersonation with suspicious domain indicators and credential theft
Sublime Security
3mo ago
Dec 3rd, 2025
Credential Phishing
Impersonation: Employee
Social engineering
Lookalike domain
Content analysis
Natural Language Understanding
Computer Vision
URL analysis
URL screenshot
Credential Phishing
Impersonation: Employee
Social engineering
Lookalike domain
Content analysis
Natural Language Understanding
Computer Vision
URL analysis
URL screenshot
Link: SharePoint filename matches org name
Sublime Security
1mo ago
Feb 6th, 2026
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
URL analysis
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
URL analysis
Service Abuse: Box file sharing with credential phishing intent
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Impersonation: Employee
Impersonation: VIP
Content analysis
Natural Language Understanding
Sender analysis
Header analysis
Credential Phishing
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Impersonation: Employee
Impersonation: VIP
Content analysis
Natural Language Understanding
Sender analysis
Header analysis
Sharepoint link likely unrelated to sender
Sublime Security
2mo ago
Jan 12th, 2026
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
Suspicious attachment with unscannable Cloudflare link
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Evasion
PDF
Social engineering
Impersonation: Employee
Impersonation: VIP
File analysis
URL analysis
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
Credential Phishing
Evasion
PDF
Social engineering
Impersonation: Employee
Impersonation: VIP
File analysis
URL analysis
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
Suspicious request for financial information
Sublime Security
3mo ago
Dec 6th, 2025
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
VIP Impersonation via Google Group relay with suspicious indicators
Sublime Security
4mo ago
Nov 12th, 2025
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
VIP impersonation with charitable donation fraud
Sublime Security
4mo ago
Nov 12th, 2025
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
Xero invoice abuse
Sublime Security
3mo ago
Dec 17th, 2025
BEC/Fraud
Credential Phishing
Impersonation: Brand
Impersonation: Employee
Social engineering
Natural Language Understanding
Content analysis
Sender analysis
BEC/Fraud
Credential Phishing
Impersonation: Brand
Impersonation: Employee
Social engineering
Natural Language Understanding
Content analysis
Sender analysis
19 Rules