Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Dec 19th, 2025

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Callback phishing solicitation via image file	@vector_sec	2mo ago Sep 25th, 2025	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: Callback phishing solicitation via pdf file	Sublime Security	4mo ago Aug 5th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Callback phishing solicitation via text-based file	Sublime Security	2mo ago Sep 22nd, 2025	Callback Phishing Evasion Out of band pivot Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-ca39c83a
Attachment: Credit card application with WhatsApp contact	Sublime Security	1mo ago Nov 20th, 2025	BEC/Fraud Social engineering Out of band pivot Content analysis File analysis Natural Language Understanding QR code analysis	/feeds/core/detection-rules/attachment-credit-card-application-with-whatsapp-contact-95b08315
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail	Sublime Security	1mo ago Nov 20th, 2025	BEC/Fraud Free email provider Out of band pivot Content analysis File analysis Natural Language Understanding	/feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151
BEC/Fraud: Scam lure with freemail pivot	Sublime Security	4mo ago Aug 5th, 2025	BEC/Fraud Free email provider Out of band pivot Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f
BEC/Fraud: Student loan callback phishing	Sublime Security	3mo ago Sep 5th, 2025	BEC/Fraud Free email provider Out of band pivot Social engineering Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/becfraud-student-loan-callback-phishing-a71f82c3
Benefits enrollment impersonation	Sublime Security	4mo ago Aug 5th, 2025	Credential Phishing Evasion Impersonation: Employee Out of band pivot Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/benefits-enrollment-impersonation-5a6eb5a8
Callback phishing: Branded invoice from sender/reply-to domain less than 30 days old	Sublime Security	2mo ago Oct 17th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Header analysis Natural Language Understanding Optical Character Recognition Whois	/feeds/core/detection-rules/callback-phishing-branded-invoice-from-senderreply-to-domain-less-than-30-days-old-e6f4af53
Callback phishing in body or attachment (untrusted sender)	Sublime Security	1mo ago Nov 19th, 2025	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis	/feeds/core/detection-rules/callback-phishing-in-body-or-attachment-untrusted-sender-b93c6f94
Callback phishing: Social Security Administration fraud	Sublime Security	4mo ago Aug 5th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Callback phishing solicitation in message body	Sublime Security	2mo ago Oct 17th, 2025	Callback Phishing Free email provider Impersonation: Brand Out of band pivot Social engineering File analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-solicitation-in-message-body-10a3a446
Callback phishing via Adobe Sign comment	Sublime Security	2mo ago Oct 17th, 2025	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/callback-phishing-via-adobe-sign-comment-7eb4516d
Callback phishing via DocuSign comment	Sublime Security	2mo ago Sep 22nd, 2025	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918
Callback phishing via Google Meet	Sublime Security	18d ago Dec 3rd, 2025	Callback Phishing Out of band pivot Content analysis	/feeds/core/detection-rules/callback-phishing-via-google-meet-70e01845
Callback phishing via Microsoft comment	Sublime Security	5d ago Dec 16th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/callback-phishing-via-microsoft-comment-8346c7b9
Callback Phishing via Signable E-Signature Request	Sublime Security	2mo ago Oct 17th, 2025	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/callback-phishing-via-signable-e-signature-request-4599575d
Callback phishing via SignFree e-signature request	Sublime Security	2mo ago Oct 17th, 2025	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/callback-phishing-via-signfree-e-signature-request-21381c37
Callback phishing via Xodo Sign comment	Sublime Security	2mo ago Oct 17th, 2025	Callback Phishing Exploit Impersonation: Brand Out of band pivot Social engineering Computer Vision Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/callback-phishing-via-xodo-sign-comment-6f722c5d
Callback phishing via Yammer comment	Sublime Security	3mo ago Sep 2nd, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Natural Language Understanding Header analysis	/feeds/core/detection-rules/callback-phishing-via-yammer-comment-66650e2b
Callback Phishing via Zoom comment	Sublime Security	2mo ago Sep 22nd, 2025	Callback Phishing Out of band pivot Social engineering Impersonation: Brand Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-via-zoom-comment-8ec30881
Callback scam: Impersonation via TimeTrade infrastructure	Sublime Security	4mo ago Aug 20th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis Sender analysis Header analysis	/feeds/core/detection-rules/callback-scam-impersonation-via-timetrade-infrastructure-0c0b3664
Credential Phishing via Dropbox comment abuse	Sublime Security	2mo ago Sep 22nd, 2025	Credential Phishing Evasion Out of band pivot Social engineering Content analysis Computer Vision Sender analysis	/feeds/core/detection-rules/credential-phishing-via-dropbox-comment-abuse-744d494d
HR impersonation via e-sign agreement comment	Sublime Security	4mo ago Aug 5th, 2025	BEC/Fraud Credential Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/hr-impersonation-via-e-sign-agreement-comment-796c6f0f
Link: chatbot.page platform abuse	Sublime Security	4mo ago Aug 5th, 2025	Credential Phishing Social engineering Out of band pivot URL analysis Natural Language Understanding Content analysis HTML analysis Javascript analysis URL screenshot	/feeds/core/detection-rules/link-chatbotpage-platform-abuse-bfd6a076
Link: ScreenConnect installer with suspicious relay domain	Sublime Security	4mo ago Aug 5th, 2025	Malware/Ransomware Evasion Out of band pivot Social engineering URL analysis File analysis Content analysis	/feeds/core/detection-rules/link-screenconnect-installer-with-suspicious-relay-domain-37d21eef
Service abuse: Callback phishing via Microsoft Teams invite	Sublime Security	9d ago Dec 12th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis URL analysis Sender analysis	/feeds/core/detection-rules/service-abuse-callback-phishing-via-microsoft-teams-invite-13e35e5f
Service abuse: Google classroom solicitation	Sublime Security	2mo ago Oct 17th, 2025	Callback Phishing BEC/Fraud Impersonation: Brand Out of band pivot Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/service-abuse-google-classroom-solicitation-e9c39e92

28 Rules