Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Jun 18th, 2025
Feed Source
Detection Method is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Adobe image lure in body or attachment with suspicious link | Sublime Security | 1mo ago May 16th, 2025 | /feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81 | |
Attachment: Callback Phishing solicitation via image file | @vector_sec | 3mo ago Mar 12th, 2025 | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36 | |
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282 | |
Attachment: EML with link to credential phishing page | Sublime Security | 9mo ago Sep 13th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: Fake Slack installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Voicemail via PDF | Sublime Security | 1mo ago Apr 30th, 2025 | /feeds/core/detection-rules/attachment-fake-voicemail-via-pdf-d3587209 | |
Attachment: Fake Zoom installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 1y ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: QR Code Link With Base64-Encoded Recipient Address | Sublime Security | 2mo ago Mar 27th, 2025 | /feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a | |
Attachment: QR code with credential phishing indicators | Sublime Security | 2mo ago Apr 14th, 2025 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Brand impersonation: Adobe (QR code) | Sublime Security | 2mo ago Mar 27th, 2025 | /feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d | |
Brand impersonation: Adobe with suspicious language and link | Sublime Security | 8d ago Jun 11th, 2025 | /feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1 | |
Brand impersonation: Amazon with suspicious attachment | Sublime Security | 1mo ago May 14th, 2025 | /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9 | |
Brand Impersonation: Capital One | Sublime Security | 3mo ago Feb 20th, 2025 | /feeds/core/detection-rules/brand-impersonation-capital-one-d53848e4 | |
Brand Impersonation: Chase bank with credential phishing indicators | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856 | |
Brand Impersonation: Coinbase with suspicious links | Sublime Security | 2y ago Nov 18th, 2023 | /feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e | |
Brand impersonation: DocuSign branded attachment lure with no DocuSign links | Sublime Security | 15d ago Jun 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-docusign-branded-attachment-lure-with-no-docusign-links-814a5694 | |
Brand impersonation: DocuSign (QR code) | Sublime Security | 1y ago Jun 12th, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a | |
Brand Impersonation: DocuSign with embedded QR code | Sublime Security | 1y ago May 2nd, 2024 | /feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463 | |
Brand Impersonation: Fake Fax | Sublime Security | 17d ago Jun 2nd, 2025 | /feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a | |
Brand impersonation: Google Drive fake file share | Sublime Security | 21d ago May 29th, 2025 | /feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941 | |
Brand impersonation: Google fake sign-in warning | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/brand-impersonation-google-fake-sign-in-warning-2d998eee | |
Brand Impersonation: Google (QR Code) | Sublime Security | 1y ago Apr 3rd, 2024 | /feeds/core/detection-rules/brand-impersonation-google-qr-code-7ffd184c | |
Brand impersonation: Gusto | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-gusto-54025c1c | |
Brand impersonation: Hulu | Sublime Security | 4mo ago Feb 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-hulu-6833de58 | |
Brand impersonation: KnowBe4 | Sublime Security | 6mo ago Nov 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-knowbe4-7c798386 | |
Brand Impersonation: Mailchimp | Sublime Security | 1mo ago May 5th, 2025 | /feeds/core/detection-rules/brand-impersonation-mailchimp-48b454c7 | |
Brand Impersonation: MetaMask | Sublime Security | 3mo ago Feb 24th, 2025 | /feeds/core/detection-rules/brand-impersonation-metamask-ddb4c618 | |
Brand impersonation: Microsoft fake sign-in alert | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-fake-sign-in-alert-3f4c9e7a | |
Brand impersonation: Microsoft logo or suspicious language with open redirect | Sublime Security | 1y ago Mar 7th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-logo-or-suspicious-language-with-open-redirect-27b8d8d8 | |
Brand impersonation: Microsoft (QR code) | Sublime Security | 17d ago Jun 2nd, 2025 | /feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a | |
Brand impersonation: Microsoft quarantine release notification in body | Sublime Security | 3d ago Jun 16th, 2025 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-body-6d19527c | |
Brand impersonation: Microsoft quarantine release notification in image attachment | Sublime Security | 11mo ago Jun 27th, 2024 | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-image-attachment-185db6b3 | |
Brand impersonation: Microsoft with embedded logo and credential theft language | Sublime Security | 1mo ago May 7th, 2025 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-embedded-logo-and-credential-theft-language-3ee9ef3d | |
Brand impersonation: Microsoft with low reputation links | Sublime Security | 1mo ago May 7th, 2025 | /feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6 | |
Brand impersonation: Okta | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-okta-b7a2989a | |
Brand Impersonation: PayPal | Sublime Security | 15d ago Jun 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee | |
Brand impersonation: PNC | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-impersonation-pnc-1b5ae4fb | |
Brand impersonation: Quickbooks | Sublime Security | 2mo ago Apr 1st, 2025 | /feeds/core/detection-rules/brand-impersonation-quickbooks-4fd791d1 | |
Brand impersonation: Sharepoint | Sublime Security | 7d ago Jun 12th, 2025 | /feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70 | |
Brand impersonation: Sharepoint fake file share | Sublime Security | 7d ago Jun 12th, 2025 | /feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b | |
Brand Impersonation: TikTok | Sublime Security | 2mo ago Mar 31st, 2025 | /feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7 | |
Brand impersonation: UPS | Sublime Security | 2mo ago Apr 8th, 2025 | /feeds/core/detection-rules/brand-impersonation-ups-73b68869 | |
Brand impersonation: USPS | Sublime Security | 6mo ago Dec 16th, 2024 | /feeds/core/detection-rules/brand-impersonation-usps-28b9130a | |
Brand Impersonation: Zoom | Sublime Security | 1mo ago May 15th, 2025 | /feeds/core/detection-rules/brand-impersonation-zoom-5abad540 | |
Callback Phishing via Adobe Sign comment | Sublime Security | 1mo ago Apr 25th, 2025 | /feeds/core/detection-rules/callback-phishing-via-adobe-sign-comment-7eb4516d | |
Callback Phishing via DocuSign comment | Sublime Security | 5mo ago Jan 2nd, 2025 | /feeds/core/detection-rules/callback-phishing-via-docusign-comment-48aec918 | |
Callback phishing via Intuit service abuse | Sublime Security | 29d ago May 21st, 2025 | /feeds/core/detection-rules/callback-phishing-via-intuit-service-abuse-f2fe1294 | |
Callback Phishing via Xodo Sign comment | Sublime Security | 1mo ago Apr 28th, 2025 | /feeds/core/detection-rules/callback-phishing-via-xodo-sign-comment-6f722c5d |