Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jul 17th, 2025

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Link: Figma Design Deck With Credential Phishing Language	Sublime Security	2mo ago May 7th, 2025	Credential Phishing Evasion Free file host Social engineering Natural Language Understanding Computer Vision Optical Character Recognition URL analysis URL screenshot Sender analysis	/feeds/core/detection-rules/link-figma-design-deck-with-credential-phishing-language-87601924
Link: Intuit Link Abuse with File Share Context	Sublime Security	23d ago Jun 27th, 2025	Credential Phishing Impersonation: Brand Social engineering URL analysis Natural Language Understanding Content analysis Header analysis	/feeds/core/detection-rules/link-intuit-link-abuse-with-file-share-context-cd15cc34
Link: Microsoft Dynamics 365 form phishing	Sublime Security	4d ago Jul 16th, 2025	Credential Phishing Evasion Content analysis File analysis Optical Character Recognition Natural Language Understanding URL analysis URL screenshot	/feeds/core/detection-rules/link-microsoft-dynamics-365-form-phishing-f72b9085
Link: Microsoft impersonation using hosted png with suspicious link	Sublime Security	4d ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/link-microsoft-impersonation-using-hosted-png-with-suspicious-link-07c696d4
Link: Multistage Landing - Ludus Presentation	Sublime Security	2mo ago May 14th, 2025	Credential Phishing Evasion Social engineering Impersonation: Brand Header analysis URL analysis Computer Vision URL screenshot Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311
Link: Multistage Landing - Published Google Doc	Sublime Security	2mo ago May 14th, 2025	Credential Phishing Free file host Social engineering Natural Language Understanding URL analysis Whois	/feeds/core/detection-rules/link-multistage-landing-published-google-doc-031e1ff8
Link: Multistage Landing - Scribd Document	Sublime Security	2mo ago May 16th, 2025	Credential Phishing Evasion Social engineering Impersonation: Brand Free file host URL analysis HTML analysis Natural Language Understanding Computer Vision Optical Character Recognition URL screenshot	/feeds/core/detection-rules/link-multistage-landing-scribd-document-afa9807d
Link: QR Code with suspicious language (untrusted sender)	Sublime Security	4d ago Jul 16th, 2025	Credential Phishing Impersonation: Brand QR code Social engineering Content analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis	/feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c
Mass campaign: recipient address in subject, body, and link (untrusted sender)	Sublime Security	4d ago Jul 16th, 2025	Credential Phishing Social engineering Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/mass-campaign-recipient-address-in-subject-body-and-link-untrusted-sender-599dabf5
Mismatched Links: Free File Share With Urgent Language	Sublime Security	24d ago Jun 26th, 2025	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Free file host Social engineering Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/mismatched-links-free-file-share-with-urgent-language-478334c8
Open Redirect: Google domain with /url path and suspicious indicators	Sublime Security	6mo ago Jan 10th, 2025	Credential Phishing Evasion Open redirect Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74
QR Code with suspicious indicators	Sublime Security	4d ago Jul 16th, 2025	Credential Phishing QR code Social engineering Content analysis Header analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis	/feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f
Recruitee Infrastructure Abuse	Sublime Security	4d ago Jul 16th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis Whois	/feeds/core/detection-rules/recruitee-infrastructure-abuse-31cab83d
Request for Quote or Purchase (RFQ\|RFP) with HTML smuggling attachment	Sublime Security	2y ago Aug 24th, 2023	Credential Phishing Evasion Content analysis File analysis HTML analysis Javascript analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-html-smuggling-attachment-a47a5755
Request for Quote or Purchase (RFQ\|RFP) with suspicious sender or recipient pattern	Sublime Security	6d ago Jul 14th, 2025	BEC/Fraud Evasion Free email provider Content analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329
Salesforce Infrastructure Abuse	Sublime Security	4d ago Jul 16th, 2025	Credential Phishing Evasion Social engineering Content analysis Header analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/salesforce-infrastructure-abuse-78a77c70
Scam: Piano Giveaway	Sublime Security	1mo ago Jun 11th, 2025	BEC/Fraud Free email provider Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/scam-piano-giveaway-1a91a203
Spoofable internal domain with suspicious signals	Sublime Security	1y ago May 3rd, 2024	Credential Phishing Free file host Free subdomain host Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69
Suspected Lookalike domain with suspicious language	Sublime Security	6mo ago Dec 24th, 2024	BEC/Fraud Evasion Lookalike domain Social engineering Content analysis Natural Language Understanding Sender analysis Whois	/feeds/core/detection-rules/suspected-lookalike-domain-with-suspicious-language-3674ced0
Suspicious attachment with unscannable Cloudflare link	Sublime Security	4d ago Jul 16th, 2025	Credential Phishing Evasion PDF Social engineering Impersonation: Employee Impersonation: VIP File analysis URL analysis Sender analysis Content analysis Header analysis Natural Language Understanding	/feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f
Suspicious invoice reference with missing or image-only attachments	Sublime Security	1mo ago Jun 16th, 2025	Credential Phishing Social engineering Content analysis Computer Vision File analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/suspicious-invoice-reference-with-missing-or-image-only-attachments-466c1680
Suspicious newly registered reply-to domain with engaging financial or urgent language	Sublime Security	4d ago Jul 16th, 2025	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois	/feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3
Suspicious recipient pattern and language with low reputation link to login	Sublime Security	1y ago Apr 30th, 2024	Credential Phishing Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot	/feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402
Suspicious Recipients pattern with NLU credential theft indicators	Sublime Security	24d ago Jun 26th, 2025	Credential Phishing Evasion Content analysis Header analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/suspicious-recipients-pattern-with-nlu-credential-theft-indicators-8e121c3e
Suspicious Recipients pattern with no Compauth pass and suspicious content	Sublime Security	4d ago Jul 16th, 2025	Content analysis Computer Vision Header analysis Natural Language Understanding URL analysis URL screenshot	/feeds/core/detection-rules/suspicious-recipients-pattern-with-no-compauth-pass-and-suspicious-content-34fb65f6
Vendor Compromise: GovDelivery Message With Suspicious Link	Sublime Security	1mo ago Jun 4th, 2025	Credential Phishing Malware/Ransomware Free subdomain host IPFS Social engineering Evasion Impersonation: Brand Natural Language Understanding URL analysis Whois	/feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172
Venmo Payment Request Abuse	Sublime Security	7mo ago Dec 20th, 2024	Callback Phishing BEC/Fraud Social engineering Impersonation: Brand Evasion Natural Language Understanding Content analysis Sender analysis HTML analysis	/feeds/core/detection-rules/venmo-payment-request-abuse-4450639a
VIP Impersonation via Google Group relay with suspicious indicators	Sublime Security	1y ago May 3rd, 2024	BEC/Fraud Credential Phishing Malware/Ransomware Evasion Free email provider Impersonation: Employee Social engineering Spoofing Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b
VIP impersonation with BEC language (near match, untrusted sender)	Sublime Security	4d ago Jul 16th, 2025	BEC/Fraud Impersonation: VIP Social engineering Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/vip-impersonation-with-bec-language-near-match-untrusted-sender-303081da
VIP impersonation with charitable donation fraud	Sublime Security	4d ago Jul 16th, 2025	BEC/Fraud Impersonation: Employee Impersonation: VIP Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e
VIP impersonation with invoicing request	Sublime Security	1y ago Apr 23rd, 2024	BEC/Fraud Impersonation: VIP Content analysis Header analysis Natural Language Understanding	/feeds/core/detection-rules/vip-impersonation-with-invoicing-request-a60f89a0
VIP impersonation with urgent request (strict match, untrusted sender)	Sublime Security	4d ago Jul 16th, 2025	BEC/Fraud Impersonation: VIP Social engineering Content analysis Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/vip-impersonation-with-urgent-request-strict-match-untrusted-sender-0dd1fa60
Xero Infrastructure Abuse	Sublime Security	1mo ago May 23rd, 2025	Credential Phishing Evasion Social engineering Content analysis Header analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/xero-infrastructure-abuse-918c4bd3
X (Twitter) Impersonation with Credential Phishing motives	Sublime Security	4d ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Optical Character Recognition Natural Language Understanding Sender analysis	/feeds/core/detection-rules/x-twitter-impersonation-with-credential-phishing-motives-0b60dca6
Zoom Events Newsletter Abuse	Sublime Security	27d ago Jun 23rd, 2025	Credential Phishing Free file host Free subdomain host Social engineering Impersonation: Brand Header analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/zoom-events-newsletter-abuse-c8fce846