Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Jul 17th, 2025
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Advance Fee Fraud (AFF) from freemail provider or suspicious TLD | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/advance-fee-fraud-aff-from-freemail-provider-or-suspicious-tld-6a5af373 | |
AnonymousFox Indicators | Sublime Security | 1y ago Jul 19th, 2024 | /feeds/core/detection-rules/anonymousfox-indicators-2506206e | |
Attachment: Link to Doubleclick.net Open Redirect | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-link-to-doubleclicknet-open-redirect-506c16cc | |
Attachment: PDF file with Link to Fake Bitcoin Exchange | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7 | |
Attachment: RFP/RFQ impersonating government entities | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3 | |
Attachment: USDA Bid Invitation Impersonation | Sublime Security | 1mo ago May 23rd, 2025 | /feeds/core/detection-rules/attachment-usda-bid-invitation-impersonation-34eb9493 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
BEC/Fraud: Generic Scam attempt to Undisclosed Receipients | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/becfraud-generic-scam-attempt-to-undisclosed-receipients-5dac401f | |
BEC/Fraud - Job Scam Fake thread or plaintext pivot to freemail | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/becfraud-job-scam-fake-thread-or-plaintext-pivot-to-freemail-ce21c151 | |
BEC/Fraud: Romance Scam | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/becfraud-romance-scam-0243cdaa | |
BEC/Fraud: Scam Lure with freemail pivot | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/becfraud-scam-lure-with-freemail-pivot-898c769f | |
BEC/Fraud - Student loan callback phishing | Sublime Security | 9mo ago Oct 4th, 2024 | /feeds/core/detection-rules/becfraud-student-loan-callback-phishing-a71f82c3 | |
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns | Sublime Security | 4mo ago Mar 10th, 2025 | /feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0 | |
BEC with unusual Reply-to or Return-path mismatch | Sublime Security | 10mo ago Aug 27th, 2024 | /feeds/core/detection-rules/bec-with-unusual-reply-to-or-return-path-mismatch-83e5e2df | |
Brand impersonation: Aramco | Sublime Security | 9mo ago Oct 10th, 2024 | /feeds/core/detection-rules/brand-impersonation-aramco-96e87699 | |
Brand impersonation: Enbridge | Sublime Security | 5mo ago Jan 24th, 2025 | /feeds/core/detection-rules/brand-impersonation-enbridge-203a6a28 | |
Brand impersonation: Interac | Sublime Security | 10mo ago Sep 16th, 2024 | /feeds/core/detection-rules/brand-impersonation-interac-50a883dc | |
Brand Impersonation: Internal Revenue Service | Sublime Security | 3mo ago Apr 7th, 2025 | /feeds/core/detection-rules/brand-impersonation-internal-revenue-service-3c63f8e9 | |
Brand Impersonation: Mailgun | Sublime Security | 1mo ago Jun 6th, 2025 | /feeds/core/detection-rules/brand-impersonation-mailgun-59cc84e6 | |
Brand Impersonation: MetaMask | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/brand-impersonation-metamask-ddb4c618 | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 1y ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Brand Impersonation: QuickBooks Notification From Intuit Themed Company Name | Sublime Security | 4mo ago Mar 3rd, 2025 | /feeds/core/detection-rules/brand-impersonation-quickbooks-notification-from-intuit-themed-company-name-42058fc4 | |
Brand Impersonation: SendGrid | Sublime Security | 1mo ago Jun 9th, 2025 | /feeds/core/detection-rules/brand-impersonation-sendgrid-d800124f | |
Brand Impersonation: Trust Wallet | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/brand-impersonation-trust-wallet-e456974c | |
Brand Impersonation: Vanguard | Sublime Security | 3mo ago Apr 11th, 2025 | /feeds/core/detection-rules/brand-impersonation-vanguard-3bd048fe | |
Brand Impersonation: WeTransfer | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/brand-impersonation-wetransfer-e37885ad | |
Business Email Compromise (BEC) attempt from unsolicited sender | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-unsolicited-sender-57eccc45 | |
Business Email Compromise (BEC) attempt from untrusted sender | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-96d4c35a | |
Business Email Compromise (BEC) attempt from untrusted sender (French/Français) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-untrusted-sender-frenchfrancais-b7d1e096 | |
Business Email Compromise (BEC) attempt with masked recipients and reply-to mismatch (unsolicited) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-with-masked-recipients-and-reply-to-mismatch-unsolicited-682191bf | |
Business Email Compromise (BEC) with request for mobile number | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/business-email-compromise-bec-with-request-for-mobile-number-514ffd68 | |
Callback Phishing: SumUp Infrastructure Abuse | Sublime Security | 3mo ago Apr 18th, 2025 | /feeds/core/detection-rules/callback-phishing-sumup-infrastructure-abuse-1c41649e | |
Callback phishing via Zelle Service Abuse | Sublime Security | 4mo ago Feb 24th, 2025 | /feeds/core/detection-rules/callback-phishing-via-zelle-service-abuse-08727484 | |
Canva Infrastructure Abuse | Sublime Security | 3mo ago Apr 1st, 2025 | /feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c | |
COVID-19 themed fraud with sender and reply-to mismatch or compensation award | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/covid-19-themed-fraud-with-sender-and-reply-to-mismatch-or-compensation-award-a16480ef | |
DocuSign Impersonation via CloudHQ Links | Sublime Security | 3mo ago Apr 4th, 2025 | /feeds/core/detection-rules/docusign-impersonation-via-cloudhq-links-44ba2fee | |
Employee Impersonation: Payroll Fraud | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85 | |
Employee impersonation with urgent request (untrusted sender) | Sublime Security | 12d ago Jul 8th, 2025 | /feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146 | |
Encrypted Microsoft Office Files From Untrusted Senders | Sublime Security | 17d ago Jul 3rd, 2025 | /feeds/core/detection-rules/encrypted-microsoft-office-files-from-untrusted-senders-eb7b26e7 | |
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender | Sublime Security | 5mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213 | |
Fake Message Thread - Untrusted Sender with a Mismatched Freemail Reply-To Address | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/fake-message-thread-untrusted-sender-with-a-mismatched-freemail-reply-to-address-ca64e819 | |
Fake request for tax preparation | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/fake-request-for-tax-preparation-e36b85b3 | |
Fake thread with suspicious indicators | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57 | |
File sharing link with a suspicious subject | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/file-sharing-link-with-a-suspicious-subject-a306e2a6 | |
Fraudulent E-commerce Operators | Sublime Security | 8mo ago Nov 20th, 2024 | /feeds/core/detection-rules/fraudulent-e-commerce-operators-3776a6fc | |
Free Email Provider Sender with Mismatched Provider Reply-To | Sublime Security | 1mo ago May 23rd, 2025 | /feeds/core/detection-rules/free-email-provider-sender-with-mismatched-provider-reply-to-fcd831d0 | |
Generic Service Abuse From Newly Registered Domain | Sublime Security | 3mo ago Apr 15th, 2025 | /feeds/core/detection-rules/generic-service-abuse-from-newly-registered-domain-0937b4c5 | |
Headers: iOS/iPadOS mailer with invalid build number | Sublime Security | 2y ago Aug 17th, 2023 | /feeds/core/detection-rules/headers-iosipados-mailer-with-invalid-build-number-e0b74072 | |
Honorific greeting BEC attempt with sender and reply-to mismatch | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/honorific-greeting-bec-attempt-with-sender-and-reply-to-mismatch-aa41b1b7 | |
HR Impersonation via E-sign Agreement Comment | Sublime Security | 2mo ago May 5th, 2025 | /feeds/core/detection-rules/hr-impersonation-via-e-sign-agreement-comment-796c6f0f | |