Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Jul 15th, 2026
Feed Source
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Attachment with VBA macros from employee impersonation (unsolicited)
Sublime Security
6mo ago
Jan 12th, 2026
BEC: Employee impersonation with subject manipulation
Sublime Security
6mo ago
Jan 16th, 2026
Benefits enrollment impersonation
Sublime Security
1mo ago
Jun 5th, 2026
Canva infrastructure abuse
Sublime Security
2mo ago
May 4th, 2026
Credential phishing: Generic document sharing
Sublime Security
1mo ago
Jun 15th, 2026
Employee impersonation: Payroll fraud
Sublime Security
28d ago
Jun 18th, 2026
Employee impersonation with urgent request (untrusted sender)
Sublime Security
6mo ago
Jan 12th, 2026
Headers: System account impersonation with empty sender address
Sublime Security
6mo ago
Jan 12th, 2026
Impersonation: Employee name in subject with suspicious sender
Sublime Security
6d ago
Jul 10th, 2026
Impersonation: Employee using fabricated identity in initial contact
Sublime Security
1mo ago
May 28th, 2026
Impersonation: Human Resources with link or attachment and engaging language
Sublime Security
1mo ago
Jun 5th, 2026
Impersonation: Internal corporate services
Sublime Security
5mo ago
Jan 28th, 2026
Impersonation: IT Department mailbox storage alert
Sublime Security
9d ago
Jul 7th, 2026
Link: HR impersonation with suspicious domain indicators and credential theft
Sublime Security
7mo ago
Dec 3rd, 2025
Link: SharePoint filename matches org name
Sublime Security
5mo ago
Feb 6th, 2026
Service Abuse: Box file sharing with credential phishing intent
Sublime Security
6mo ago
Jan 12th, 2026
Sharepoint link likely unrelated to sender
Sublime Security
6mo ago
Jan 12th, 2026
Suspicious attachment with unscannable Cloudflare link
Sublime Security
6mo ago
Jan 12th, 2026
Suspicious request for financial information
Sublime Security
21d ago
Jun 25th, 2026
VIP Impersonation via Google Group relay with suspicious indicators
Sublime Security
1mo ago
Jun 5th, 2026
VIP impersonation with charitable donation fraud
Sublime Security
1mo ago
Jun 5th, 2026
Xero invoice abuse
Sublime Security
7mo ago
Dec 17th, 2025