Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 21st, 2025

Feed Source

GitHub

Attack Type is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Callback Phishing solicitation via image file	@vector_sec	11d ago Mar 12th, 2025	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: Callback Phishing solicitation via pdf file	Sublime Security	25d ago Feb 26th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Callback Phishing solicitation via text-based file with a large unknown recipient list	Sublime Security	7mo ago Jul 26th, 2024	Callback Phishing Evasion Out of band pivot Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-with-a-large-unknown-recipient-list-ca39c83a
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns	Sublime Security	13d ago Mar 10th, 2025	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0
Brand impersonation: Quickbooks	Sublime Security	27d ago Feb 24th, 2025	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1
Brand Impersonation: QuickBooks Notification From Intuit Themed Company Name	Sublime Security	20d ago Mar 3rd, 2025	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-quickbooks-notification-from-intuit-themed-company-name-42058fc4
Brand Impersonation: SiriusXM	Sublime Security	2mo ago Jan 9th, 2025	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-siriusxm-70eb3792
Brand Impersonation: WeTransfer	Sublime Security	11d ago Mar 12th, 2025	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Impersonation: Brand Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-wetransfer-e37885ad
Callback Phishing: Branded invoice from sender/reply-to domain less than 30 days old	Sublime Security	11mo ago Apr 25th, 2024	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Header analysis Natural Language Understanding Optical Character Recognition Whois	/feeds/core/detection-rules/callback-phishing-branded-invoice-from-senderreply-to-domain-less-than-30-days-old-e6f4af53
Callback Phishing in body or attachment (untrusted sender)	Sublime Security	4mo ago Nov 5th, 2024	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis	/feeds/core/detection-rules/callback-phishing-in-body-or-attachment-untrusted-sender-b93c6f94
Callback Phishing: Social Security Administration Fraud	Sublime Security	27d ago Feb 24th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Callback Phishing solicitation in message body	Sublime Security	25d ago Feb 26th, 2025	Callback Phishing Free email provider Impersonation: Brand Out of band pivot Social engineering File analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-solicitation-in-message-body-10a3a446
Callback Phishing via Adobe Sign comment	Sublime Security	11d ago Mar 12th, 2025	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/callback-phishing-via-adobe-sign-comment-7eb4516d
Callback Phishing via DocuSign comment	Sublime Security	2mo ago Jan 2nd, 2025	Callback Phishing Evasion Impersonation: Brand Out of band pivot Social engineering Content analysis Computer Vision Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918
Callback Phishing via extensionless rfc822 attachment	Sublime Security	11mo ago Apr 23rd, 2024	Callback Phishing Impersonation: Brand Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/callback-phishing-via-extensionless-rfc822-attachment-197722c4
Callback phishing via Google Group abuse	Sublime Security	11mo ago Apr 23rd, 2024	Callback Phishing Free email provider Impersonation: Brand Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/callback-phishing-via-google-group-abuse-199d873b
Callback phishing via Intuit service abuse	Sublime Security	6d ago Mar 17th, 2025	Callback Phishing Evasion Free email provider Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Optical Character Recognition	/feeds/core/detection-rules/callback-phishing-via-intuit-service-abuse-f2fe1294
Callback phishing via Zelle Service Abuse	Sublime Security	27d ago Feb 24th, 2025	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-via-zelle-service-abuse-08727484
Callback phishing via Zoho service abuse	Sublime Security	2mo ago Jan 10th, 2025	Callback Phishing Evasion Free email provider Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Optical Character Recognition	/feeds/core/detection-rules/callback-phishing-via-zoho-service-abuse-61e351ec
Inbound Message from Popular Service Via Newly Observed Distribution List	Sublime Security	3d ago Mar 20th, 2025	Callback Phishing Evasion Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/inbound-message-from-popular-service-via-newly-observed-distribution-list-8f4bc148
Link: Invoice or receipt from freemail sender with customer service number	@vector_sec	2y ago Oct 4th, 2023	BEC/Fraud Callback Phishing Free email provider Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis	/feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d
Link: Jensi File Preview Link from Unsolicited Sender	Sublime Security	5mo ago Oct 2nd, 2024	Callback Phishing Free file host Free subdomain host Content analysis URL analysis Sender analysis	/feeds/core/detection-rules/link-jensi-file-preview-link-from-unsolicited-sender-122b39f3
Link: Webflow Link from Unsolicited Sender	Sublime Security	6mo ago Sep 16th, 2024	Callback Phishing Free file host Free subdomain host Content analysis URL analysis Sender analysis	/feeds/core/detection-rules/link-webflow-link-from-unsolicited-sender-d4f3b8cf
Link: Zoho Form Link from Unsolicited Sender	Sublime Security	4mo ago Nov 5th, 2024	Callback Phishing Free file host Content analysis URL analysis Sender analysis	/feeds/core/detection-rules/link-zoho-form-link-from-unsolicited-sender-eb04a9f2
Message Traversed Multiple onmicrosoft.com Tenants	Sublime Security	3mo ago Dec 18th, 2024	Callback Phishing Evasion Free email provider Free subdomain host Sender analysis Header analysis	/feeds/core/detection-rules/message-traversed-multiple-onmicrosoftcom-tenants-9cf01c0d
Microsoft Infrastructure Abuse With Suspicious Patterns	Sublime Security	2mo ago Jan 7th, 2025	BEC/Fraud Callback Phishing Evasion Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/microsoft-infrastructure-abuse-with-suspicious-patterns-cfe8e804
PayPal Invoice Abuse	Sublime Security	20d ago Mar 3rd, 2025	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4
Service Abuse: DocuSign Notification with Suspicious Sender or Document Name	Sublime Security	3mo ago Dec 16th, 2024	Callback Phishing BEC/Fraud Evasion Social engineering Sender analysis Header analysis Content analysis	/feeds/core/detection-rules/service-abuse-docusign-notification-with-suspicious-sender-or-document-name-5e4707cd
Service Abuse: Dropbox Share From an Unsolicited Reply-To Address	Sublime Security	3mo ago Dec 18th, 2024	Callback Phishing BEC/Fraud Evasion Social engineering Sender analysis Header analysis Content analysis	/feeds/core/detection-rules/service-abuse-dropbox-share-from-an-unsolicited-reply-to-address-50a1499f
Service Abuse: Dropbox Share From New Domain	Sublime Security	4mo ago Nov 13th, 2024	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis	/feeds/core/detection-rules/service-abuse-dropbox-share-from-new-domain-0e664bd9
Service Abuse: Dropbox Share with Suspicious Sender or Document Name	Sublime Security	1mo ago Jan 24th, 2025	Callback Phishing BEC/Fraud Evasion Social engineering Sender analysis Header analysis Content analysis	/feeds/core/detection-rules/service-abuse-dropbox-share-with-suspicious-sender-or-document-name-27007c9f
Service Abuse: Google Drive Share From an Unsolicited Reply-To Address	Sublime Security	2mo ago Jan 2nd, 2025	BEC/Fraud Callback Phishing Credential Phishing Free email provider Social engineering Free file host Header analysis Sender analysis	/feeds/core/detection-rules/service-abuse-google-drive-share-from-an-unsolicited-reply-to-address-4581ec0c
Service Abuse: Google Drive Share From New Reply-To Domain	Sublime Security	2mo ago Jan 9th, 2025	BEC/Fraud Callback Phishing Credential Phishing Free email provider Social engineering Free file host Header analysis Sender analysis Whois	/feeds/core/detection-rules/service-abuse-google-drive-share-from-new-reply-to-domain-c1a2d367
Service Abuse: HelloSign Share with Suspicious Sender or Document Name	Sublime Security	3mo ago Dec 3rd, 2024	Callback Phishing BEC/Fraud Evasion Social engineering Sender analysis Header analysis Content analysis	/feeds/core/detection-rules/service-abuse-hellosign-share-with-suspicious-sender-or-document-name-464d98f3
Service Abuse: Payoneer Callback Scam	Sublime Security	4mo ago Nov 5th, 2024	Callback Phishing BEC/Fraud Evasion Social engineering Sender analysis Header analysis Content analysis	/feeds/core/detection-rules/service-abuse-payoneer-callback-scam-b7fb174c
Service Abuse: QuickBooks Notification From New Domain	Sublime Security	3mo ago Dec 16th, 2024	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis	/feeds/core/detection-rules/service-abuse-quickbooks-notification-from-new-domain-c4f46473
Service Abuse: QuickBooks Notification with Suspicious Comments	Sublime Security	3mo ago Dec 16th, 2024	Callback Phishing Credential Phishing BEC/Fraud Evasion Social engineering Content analysis Sender analysis Header analysis	/feeds/core/detection-rules/service-abuse-quickbooks-notification-with-suspicious-comments-a23d0950
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com)	Sublime Security	2mo ago Jan 10th, 2025	Callback Phishing Credential Phishing Spam Free email provider Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce
Stripe Invoice Abuse	Sublime Security	2y ago Aug 21st, 2023	BEC/Fraud Callback Phishing PDF File analysis Header analysis	/feeds/core/detection-rules/stripe-invoice-abuse-90162d16
Suspicious mailer received from Gmail servers	Sublime Security	5mo ago Oct 8th, 2024	Callback Phishing Spam Free email provider Social engineering Header analysis	/feeds/core/detection-rules/suspicious-mailer-received-from-gmail-servers-f05f04ee
Venmo Payment Request Abuse	Sublime Security	3mo ago Dec 20th, 2024	Callback Phishing BEC/Fraud Social engineering Impersonation: Brand Evasion Natural Language Understanding Content analysis Sender analysis HTML analysis	/feeds/core/detection-rules/venmo-payment-request-abuse-4450639a