Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Jul 17th, 2025
Rule Name | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Callback phishing via Zoho service abuse | Sublime Security | 6mo ago Jan 10th, 2025 | /feeds/core/detection-rules/callback-phishing-via-zoho-service-abuse-61e351ec | |
Compensation Review With QR Code in Attached EML | Sublime Security | 3mo ago Apr 3rd, 2025 | /feeds/core/detection-rules/compensation-review-with-qr-code-in-attached-eml-98a2f03c | |
Credential phishing content and link (untrusted sender) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/credential-phishing-content-and-link-untrusted-sender-f0c95bb7 | |
Credential Phishing: DocuSign embedded image lure with no DocuSign domains in links | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/credential-phishing-docusign-embedded-image-lure-with-no-docusign-domains-in-links-dfe8715e | |
Credential Phishing: Image as content, short or no body contents | Sublime Security | 2y ago Sep 8th, 2023 | /feeds/core/detection-rules/credential-phishing-image-as-content-short-or-no-body-contents-01313f38 | |
Credential phishing link (unknown sender) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/credential-phishing-link-unknown-sender-a278012b | |
Credential Phishing via Dropbox comment abuse | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/credential-phishing-via-dropbox-comment-abuse-744d494d | |
Extortion / Sextortion in Attachment From Untrusted Sender | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/extortion-sextortion-in-attachment-from-untrusted-sender-3cb8d32c | |
Free subdomain link with login or captcha (untrusted sender) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/free-subdomain-link-with-login-or-captcha-untrusted-sender-93288f82 | |
Google Accelerated Mobile Pages (AMP) abuse | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029 | |
Google Drive abuse: Credential phishing link | Sublime Security | 11mo ago Jul 31st, 2024 | /feeds/core/detection-rules/google-drive-abuse-credential-phishing-link-c74aece0 | |
Link: Credential Phishing link with Undisclosed Recipients | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/link-credential-phishing-link-with-undisclosed-recipients-06fc155e | |
Link: Credential Phishing via WordPress | Sublime Security | 3mo ago Apr 11th, 2025 | /feeds/core/detection-rules/link-credential-phishing-via-wordpress-db696058 | |
Link: Figma Design Deck With Credential Phishing Language | Sublime Security | 2mo ago May 7th, 2025 | /feeds/core/detection-rules/link-figma-design-deck-with-credential-phishing-language-87601924 | |
Link: Multistage Landing - Abuse Adobe Acrobat Hosted PDF | Sublime Security | 1mo ago Jun 16th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abuse-adobe-acrobat-hosted-pdf-609081ef | |
Link: Multistage Landing - Abused Adobe frame.io | Sublime Security | 4mo ago Mar 3rd, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-frameio-a6c457c5 | |
Link: Multistage Landing - Ludus Presentation | Sublime Security | 2mo ago May 14th, 2025 | /feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311 | |
Link: Multistage Landing - Scribd Document | Sublime Security | 2mo ago May 16th, 2025 | /feeds/core/detection-rules/link-multistage-landing-scribd-document-afa9807d | |
Link: QR code in EML attachment with credential phishing indicators | Sublime Security | 1y ago Apr 25th, 2024 | /feeds/core/detection-rules/link-qr-code-in-eml-attachment-with-credential-phishing-indicators-9908ed3a | |
Link: QR code with phishing disposition in img or pdf | Sublime Security | 3mo ago Apr 14th, 2025 | /feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6 | |
Link: QR Code with suspicious language (untrusted sender) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c | |
Link: QuickBooks image lure with suspicious link | Sublime Security | 1y ago May 2nd, 2024 | /feeds/core/detection-rules/link-quickbooks-image-lure-with-suspicious-link-3826a923 | |
Open Redirect: Google domain with /url path and suspicious indicators | Sublime Security | 6mo ago Jan 10th, 2025 | /feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74 | |
QR Code with suspicious indicators | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f | |
Suspicious invoice reference with missing or image-only attachments | Sublime Security | 1mo ago Jun 16th, 2025 | /feeds/core/detection-rules/suspicious-invoice-reference-with-missing-or-image-only-attachments-466c1680 | |
Suspicious recipient pattern and language with low reputation link to login | Sublime Security | 1y ago Apr 30th, 2024 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
Suspicious Recipients pattern with no Compauth pass and suspicious content | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-no-compauth-pass-and-suspicious-content-34fb65f6 | |
X (Twitter) Impersonation with Credential Phishing motives | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/x-twitter-impersonation-with-credential-phishing-motives-0b60dca6 |