Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 21st, 2025

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Adobe image lure in body or attachment with suspicious link	Sublime Security	1mo ago Feb 7th, 2025	Credential Phishing Image as content Impersonation: Brand Content analysis Computer Vision Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Attachment: Callback Phishing solicitation via image file	@vector_sec	11d ago Mar 12th, 2025	Callback Phishing Evasion Free email provider Out of band pivot Social engineering Image as content Content analysis Optical Character Recognition Sender analysis URL analysis Computer Vision	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-image-file-60acbb36
Attachment: Fake attachment image lure	Sublime Security	8mo ago Jul 19th, 2024	Credential Phishing Malware/Ransomware Evasion Image as content Social engineering File analysis Natural Language Understanding Optical Character Recognition	/feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285
Attachment: Fake scan-to-email	Sublime Security	4mo ago Oct 28th, 2024	Credential Phishing Free file host Image as content PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-fake-scan-to-email-ea850cc1
Attachment: Fake secure message and suspicious indicators	Sublime Security	6mo ago Sep 16th, 2024	Credential Phishing Image as content Impersonation: Brand Social engineering Content analysis File analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Microsoft impersonation via PDF with link and suspicious language	Sublime Security	10mo ago May 2nd, 2024	Credential Phishing Malware/Ransomware Image as content Impersonation: Brand PDF Scripting Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: QR Code Link With Base64-Encoded Recipient Address	Sublime Security	26d ago Feb 25th, 2025	Credential Phishing QR code Image as content Social engineering Evasion PDF Macros Computer Vision File analysis Natural Language Understanding QR code analysis Sender analysis	/feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a
Attachment: QR Code With Userinfo Portion	Sublime Security	30d ago Feb 21st, 2025	Credential Phishing Malware/Ransomware Evasion Image as content PDF QR code QR code analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-qr-code-with-userinfo-portion-9d62cc5c
Attachment: SVG Files With Evasion Elements	Sublime Security	30d ago Feb 21st, 2025	Malware/Ransomware Credential Phishing QR code Image as content Evasion File analysis XML analysis QR code analysis Sender analysis	/feeds/core/detection-rules/attachment-svg-files-with-evasion-elements-5d2dbb60
Brand Impersonation: Coinbase with suspicious links	Sublime Security	2y ago Nov 18th, 2023	Credential Phishing Evasion Free subdomain host Image as content Impersonation: Brand Computer Vision Content analysis File analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e
Brand Impersonation: DocuSign with embedded QR code	Sublime Security	10mo ago May 2nd, 2024	Credential Phishing Evasion Image as content Impersonation: Brand QR code Computer Vision Content analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463
Brand impersonation: Fake fax	Sublime Security	1y ago Feb 23rd, 2024	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a
Brand Impersonation: Microsoft Planner With Suspicious Link	Sublime Security	5mo ago Oct 9th, 2024	Credential Phishing Evasion Image as content Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08
Brand impersonation: Microsoft with low reputation links	Sublime Security	3mo ago Dec 18th, 2024	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Brand impersonation: USPS	Sublime Security	3mo ago Dec 16th, 2024	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-usps-28b9130a
Credential Phishing: Hyper-linked image leading to free file host	Sublime Security	10mo ago May 2nd, 2024	Credential Phishing Evasion Free file host Image as content Social engineering Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/credential-phishing-hyper-linked-image-leading-to-free-file-host-f5cb1eca
Credential Phishing: Image as content, short or no body contents	Sublime Security	2y ago Sep 8th, 2023	Credential Phishing Evasion Image as content Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition	/feeds/core/detection-rules/credential-phishing-image-as-content-short-or-no-body-contents-01313f38
Image as content with a link to an open redirect (unsolicited)	Sublime Security	11mo ago Apr 23rd, 2024	Credential Phishing Malware/Ransomware Evasion Image as content Open redirect Social engineering Content analysis HTML analysis URL analysis	/feeds/core/detection-rules/image-as-content-with-a-link-to-an-open-redirect-unsolicited-f5cec36b
Inline image as message with attachment or link	Sublime Security	2y ago Dec 11th, 2023	Credential Phishing Evasion Image as content Content analysis HTML analysis URL analysis	/feeds/core/detection-rules/inline-image-as-message-with-attachment-or-link-823d7107
Invoicera infrastructure abuse	Sublime Security	1y ago Mar 7th, 2024	Credential Phishing Spam Free file host Free subdomain host Image as content Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/invoicera-infrastructure-abuse-1e56f310
PHP Mailer with common phishing attachments	@vector_sec	2y ago Aug 21st, 2023	Credential Phishing Image as content Header analysis	/feeds/core/detection-rules/php-mailer-with-common-phishing-attachments-07e03563
Spam: BlackBaud infrastructure abuse	Sublime Security	1y ago Jan 17th, 2024	Spam Evasion Impersonation: Brand Image as content Social engineering Content analysis Header analysis	/feeds/core/detection-rules/spam-blackbaud-infrastructure-abuse-3db46591
Spam: Image as content with Hidden HTML Element	Sublime Security	20d ago Mar 3rd, 2025	Spam Evasion Image as content Content analysis HTML analysis Sender analysis	/feeds/core/detection-rules/spam-image-as-content-with-hidden-html-element-5de8861f
Spam: Item Giveaway Spam Template	Sublime Security	2mo ago Jan 8th, 2025	Spam Image as content Content analysis HTML analysis Sender analysis Exif analysis	/feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b