Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 13th, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Adobe branded PDF file linking to a password-protected file from untrusted sender	Sublime Security	8mo ago Jul 16th, 2025	Malware/Ransomware Encryption Evasion Impersonation: Brand PDF Archive analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Attachment: Adobe image lure in body or attachment with suspicious link	Sublime Security	2mo ago Jan 5th, 2026	Credential Phishing Image as content Impersonation: Brand Content analysis Computer Vision Optical Character Recognition Sender analysis URL analysis
Attachment: Decoy PDF author (Julie P.)	Sublime Security	7mo ago Aug 5th, 2025	Credential Phishing Impersonation: Brand PDF File analysis Content analysis Sender analysis
Attachment: DocuSign impersonation via PDF linking to new domain	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF Social engineering Header analysis Sender analysis URL analysis File analysis Computer Vision Whois
Attachment: Dropbox image lure with no Dropbox domains in links	Sublime Security	8mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Optical Character Recognition Sender analysis
Attachment: EML with SharePoint files shared from GoDaddy federated tenants	Sublime Security	5mo ago Sep 23rd, 2025	Credential Phishing Evasion Impersonation: Brand Social engineering File analysis URL analysis Content analysis
Attachment: EML with Sharepoint link likely unrelated to sender	Sublime Security	5mo ago Sep 23rd, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Evasion File analysis URL analysis Header analysis Sender analysis
Attachment: Fake secure message and suspicious indicators	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Content analysis File analysis Header analysis Natural Language Understanding Sender analysis
Attachment: Fake Slack installer	Sublime Security	3y ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis
Attachment: Fake Zoom installer	Sublime Security	3y ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis
Attachment: HTML smuggling Microsoft sign in	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Free subdomain host HTML smuggling Impersonation: Brand Social engineering Archive analysis Content analysis File analysis Header analysis Javascript analysis Sender analysis URL analysis
Attachment: HTML with emoji-to-character map	Sublime Security	7mo ago Aug 5th, 2025	Credential Phishing Evasion HTML smuggling Impersonation: Brand Scripting Social engineering File analysis HTML analysis Javascript analysis Sender analysis
Attachment: Invoice and W-9 PDFs with suspicious creators	Sublime Security	1mo ago Jan 21st, 2026	BEC/Fraud PDF Social engineering Impersonation: Brand File analysis Optical Character Recognition Exif analysis Content analysis
Attachment: Microsoft 365 credential phishing	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Optical Character Recognition Sender analysis
Attachment: Microsoft impersonation via PDF with link and suspicious language	Sublime Security	8mo ago Jul 16th, 2025	Credential Phishing Malware/Ransomware Image as content Impersonation: Brand PDF Scripting Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Sender analysis
Attachment: PDF file with link to fake Bitcoin exchange	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Free email provider Impersonation: Brand PDF Social engineering Exif analysis File analysis Sender analysis URL analysis
Attachment: PDF with Microsoft Purview message impersonation	Sublime Security	4mo ago Nov 10th, 2025	Credential Phishing Impersonation: Brand PDF Social engineering File analysis Natural Language Understanding Content analysis
Attachment: RFP/RFQ impersonating government entities	Sublime Security	2y ago Jan 30th, 2024	BEC/Fraud Impersonation: Brand PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Attachment: USDA bid invitation impersonation	Sublime Security	7mo ago Aug 5th, 2025	BEC/Fraud Impersonation: Brand PDF Macros Social engineering Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois
Brand impersonation: AARP	Sublime Security	3mo ago Dec 1st, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Adobe (QR code)	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis
Brand impersonation: Adobe Sign with suspicious indicators	Sublime Security	2mo ago Jan 8th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis Sender analysis
Brand impersonation: Adobe with suspicious language and link	Sublime Security	3mo ago Nov 24th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: ADP	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis
Brand impersonation: AliExpress	Sublime Security	7mo ago Aug 5th, 2025	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis URL analysis
Brand impersonation: Amazon	Sublime Security	29d ago Feb 13th, 2026	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis
Brand impersonation: Amazon Web Services (AWS)	Sublime Security	5mo ago Oct 10th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Optical Character Recognition Sender analysis Natural Language Understanding
Brand impersonation: Amazon with suspicious attachment	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: American Express (AMEX)	Sublime Security	25d ago Feb 17th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Apple	Sublime Security	3y ago Aug 21st, 2023	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis
Brand impersonation: Aquent	Sublime Security	5mo ago Oct 9th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Aramco	Sublime Security	1mo ago Jan 28th, 2026	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis
Brand impersonation: AuthentiSign	Sublime Security	1mo ago Jan 21st, 2026	Credential Phishing BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Bank of America	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Barracuda Networks	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Binance	Sublime Security	6mo ago Sep 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis
Brand impersonation: Blockchain[.]com	Sublime Security	1mo ago Jan 21st, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Booking.com	Sublime Security	2d ago Mar 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Natural Language Understanding Header analysis Sender analysis
Brand impersonation: Box file sharing service	Sublime Security	5mo ago Sep 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis
Brand impersonation: Capital One	Sublime Security	3mo ago Nov 17th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis Header analysis
Brand impersonation: Charles Schwab	Sublime Security	6mo ago Sep 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Chase Bank	Sublime Security	12d ago Mar 2nd, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Chase bank with credential phishing indicators	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Natural Language Understanding Sender analysis URL analysis
Brand impersonation: Coinbase	Sublime Security	4mo ago Nov 4th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Coinbase with suspicious links	Sublime Security	5mo ago Sep 22nd, 2025	Credential Phishing Evasion Free subdomain host Image as content Impersonation: Brand Computer Vision Content analysis File analysis URL analysis
Brand impersonation: Dashlane	Sublime Security	8mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis
Brand impersonation: DHL	Sublime Security	3mo ago Dec 1st, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: DigitalOcean	Sublime Security	5mo ago Sep 18th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis
Brand impersonation: Discord notification	Sublime Security	4mo ago Oct 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis

263 Rules

Page 1 of 6