Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 21st, 2025
Feed Source
Detection Method is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: EML with link to credential phishing page | Sublime Security | 6mo ago Sep 13th, 2024 | /feeds/core/detection-rules/attachment-eml-with-link-to-credential-phishing-page-1df41cca | |
Attachment: HTML smuggling - QR Code with suspicious links | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d | |
Attachment: QR code with credential phishing indicators | Sublime Security | 5d ago Mar 18th, 2025 | /feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1 | |
Brand impersonation: DocuSign branded attachment lure with no DocuSign links | Sublime Security | 1mo ago Feb 20th, 2025 | /feeds/core/detection-rules/brand-impersonation-docusign-branded-attachment-lure-with-no-docusign-links-814a5694 | |
Credential phishing content and link (untrusted sender) | Sublime Security | 3mo ago Nov 25th, 2024 | /feeds/core/detection-rules/credential-phishing-content-and-link-untrusted-sender-f0c95bb7 | |
Credential phishing link (unknown sender) | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/credential-phishing-link-unknown-sender-a278012b | |
Free subdomain link with credential theft indicators | Sublime Security | 3mo ago Dec 12th, 2024 | /feeds/core/detection-rules/free-subdomain-link-with-credential-theft-indicators-9187479c | |
Free subdomain link with login or captcha (untrusted sender) | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/free-subdomain-link-with-login-or-captcha-untrusted-sender-93288f82 | |
Google Accelerated Mobile Pages (AMP) abuse | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029 | |
Google Drive abuse: Credential phishing link | Sublime Security | 7mo ago Jul 31st, 2024 | /feeds/core/detection-rules/google-drive-abuse-credential-phishing-link-c74aece0 | |
Link: Adobe Share with Suspicious Indicators | Sublime Security | 3mo ago Dec 3rd, 2024 | /feeds/core/detection-rules/link-adobe-share-with-suspicious-indicators-b33cae80 | |
Link: Credential Phishing link with Undisclosed Recipients | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/link-credential-phishing-link-with-undisclosed-recipients-06fc155e | |
Link: Microsoft Dynamics 365 form phishing | Sublime Security | 4mo ago Nov 14th, 2024 | /feeds/core/detection-rules/link-microsoft-dynamics-365-form-phishing-f72b9085 | |
Link to auto-downloaded file with Adobe branding | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-adobe-branding-e826c2cf | |
Link to auto-downloaded file with Google Drive branding | Sublime Security | 11mo ago Apr 25th, 2024 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-google-drive-branding-4b5343be | |
Suspicious recipient pattern and language with low reputation link to login | Sublime Security | 10mo ago Apr 30th, 2024 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
Suspicious Recipients pattern with no Compauth pass and suspicious content | Sublime Security | 6mo ago Aug 27th, 2024 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-no-compauth-pass-and-suspicious-content-34fb65f6 |