Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 27th, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Callback phishing solicitation via image file	@vector_sec	2mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision
Attachment: Callback phishing solicitation via pdf file	Sublime Security	7mo ago Aug 5th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Attachment: Callback phishing solicitation via text-based file	Sublime Security	6mo ago Sep 22nd, 2025	Callback Phishing Evasion Out of band pivot Social engineering Content analysis File analysis Header analysis Sender analysis
Attachment: Credit card application with WhatsApp contact	Sublime Security	4mo ago Nov 20th, 2025	BEC/Fraud Social engineering Out of band pivot Content analysis File analysis Natural Language Understanding QR code analysis
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Free email provider Out of band pivot Content analysis File analysis Natural Language Understanding
BEC/Fraud: Scam lure with freemail pivot	Sublime Security	7mo ago Aug 5th, 2025	BEC/Fraud Free email provider Out of band pivot Content analysis Header analysis Sender analysis
BEC/Fraud: Student loan callback phishing	Sublime Security	6mo ago Sep 5th, 2025	BEC/Fraud Free email provider Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Benefits enrollment impersonation	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Evasion Impersonation: Employee Out of band pivot Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: GitHub with callback scam indicators	Sublime Security	19d ago Mar 11th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Callback phishing: Branded invoice from sender/reply-to domain less than 30 days old	Sublime Security	5mo ago Oct 17th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Header analysis Natural Language Understanding Optical Character Recognition Whois
Callback phishing in body or attachment (untrusted sender)	Sublime Security	3d ago Mar 27th, 2026	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis
Callback phishing: Social Security Administration fraud	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Callback phishing solicitation in message body	Sublime Security	5mo ago Oct 17th, 2025	Callback Phishing Free email provider Impersonation: Brand Out of band pivot Social engineering File analysis Sender analysis
Callback phishing via Adobe Sign comment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis
Callback phishing via DocuSign comment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis
Callback phishing via Google Meet	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Out of band pivot Content analysis
Callback phishing via Microsoft comment	Sublime Security	4d ago Mar 26th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Callback Phishing via Signable E-Signature Request	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via SignFree e-signature request	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via Xodo Sign comment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis
Callback phishing via Yammer comment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Header analysis
Callback Phishing via Zoom comment	Sublime Security	1mo ago Feb 11th, 2026	Callback Phishing Out of band pivot Social engineering Impersonation: Brand Computer Vision Content analysis Header analysis Sender analysis
Callback scam: Impersonation via TimeTrade infrastructure	Sublime Security	7mo ago Aug 20th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Sender analysis Header analysis
Credential Phishing via Dropbox comment abuse	Sublime Security	6mo ago Sep 22nd, 2025	Credential Phishing Evasion Out of band pivot Social engineering Content analysis Computer Vision Sender analysis
HR impersonation via e-sign agreement comment	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Credential Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis
Link: chatbot.page platform abuse	Sublime Security	7mo ago Aug 5th, 2025	Credential Phishing Social engineering Out of band pivot URL analysis Natural Language Understanding Content analysis HTML analysis Javascript analysis URL screenshot
Link: ScreenConnect installer with suspicious relay domain	Sublime Security	2mo ago Jan 12th, 2026	Malware/Ransomware Evasion Out of band pivot Social engineering URL analysis File analysis Content analysis
Service abuse: AWS SNS callback scam impersonation	Sublime Security	4d ago Mar 26th, 2026	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Service abuse: Callback phishing via Microsoft Teams invite	Sublime Security	3mo ago Dec 12th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis URL analysis Sender analysis
Service abuse: GetAccept callback scam content	Sublime Security	2mo ago Jan 16th, 2026	Callback Phishing Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Service abuse: Google Calendar notification with callback scam language	Sublime Security	14d ago Mar 16th, 2026	Callback Phishing Out of band pivot Social engineering Natural Language Understanding Content analysis Sender analysis
Service abuse: Google classroom solicitation	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing BEC/Fraud Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Sender analysis
Service abuse: Microsoft Power Automate callback scam impersonation	Sublime Security	25d ago Mar 5th, 2026	Callback Phishing Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Service abuse: Microsoft Power BI callback scam	Sublime Security	2mo ago Jan 22nd, 2026	Callback Phishing Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis
Service abuse: Monday.com callback scam	Sublime Security	2mo ago Jan 26th, 2026	Callback Phishing Social engineering Out of band pivot Content analysis Natural Language Understanding Sender analysis
Service abuse: WeTransfer callback scam	Sublime Security	1mo ago Jan 30th, 2026	Callback Phishing Social engineering Out of band pivot Content analysis Natural Language Understanding Sender analysis

36 Rules