Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated May 23rd, 2025

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Adobe branded PDF file linking to a password-protected file from untrusted sender	Sublime Security	1y ago Feb 23rd, 2024	Malware/Ransomware Encryption Evasion Impersonation: Brand PDF Archive analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
Attachment: Adobe image lure in body or attachment with suspicious link	Sublime Security	7d ago May 16th, 2025	Credential Phishing Image as content Impersonation: Brand Content analysis Computer Vision Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
Attachment: Decoy PDF Author (Julie P.)	Sublime Security	7mo ago Oct 2nd, 2024	Credential Phishing Impersonation: Brand PDF File analysis Content analysis Sender analysis	/feeds/core/detection-rules/attachment-decoy-pdf-author-julie-p-4324213a
Attachment: DocuSign Impersonation (PDF) linking to New Domain <=3d	Sublime Security	1y ago Apr 25th, 2024	Credential Phishing Impersonation: Brand PDF Social engineering Header analysis Sender analysis URL analysis File analysis Computer Vision Whois	/feeds/core/detection-rules/attachment-docusign-impersonation-pdf-linking-to-new-domain-less3d-f0c96282
Attachment: Dropbox image lure with no Dropbox domains in links	Sublime Security	1y ago Jan 23rd, 2024	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-dropbox-image-lure-with-no-dropbox-domains-in-links-500eee2d
Attachment: Fake secure message and suspicious indicators	Sublime Security	8mo ago Sep 16th, 2024	Credential Phishing Image as content Impersonation: Brand Social engineering Content analysis File analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-fake-secure-message-and-suspicious-indicators-20a34d94
Attachment: Fake Slack installer	Sublime Security	2y ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f
Attachment: Fake Zoom installer	Sublime Security	2y ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6
Attachment: HTML Smuggling Microsoft Sign In	Sublime Security	1y ago Jan 31st, 2024	Credential Phishing Free subdomain host HTML smuggling Impersonation: Brand Social engineering Archive analysis Content analysis File analysis Header analysis Javascript analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385
Attachment: HTML With Emoji-to-Character Map	Sublime Security	5mo ago Dec 2nd, 2024	Credential Phishing Evasion HTML smuggling Impersonation: Brand Scripting Social engineering File analysis HTML analysis Javascript analysis Sender analysis	/feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086
Attachment: Microsoft 365 Credential Phishing	Sublime Security	7mo ago Oct 16th, 2024	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-microsoft-365-credential-phishing-edce0229
Attachment: Microsoft impersonation via PDF with link and suspicious language	Sublime Security	1y ago May 2nd, 2024	Credential Phishing Malware/Ransomware Image as content Impersonation: Brand PDF Scripting Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f
Attachment: PDF file with Link to Fake Bitcoin Exchange	Sublime Security	2y ago Aug 21st, 2023	BEC/Fraud Free email provider Impersonation: Brand PDF Social engineering Exif analysis File analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Attachment: RFP/RFQ impersonating government entities	Sublime Security	1y ago Jan 30th, 2024	BEC/Fraud Impersonation: Brand PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-rfprfq-impersonating-government-entities-3b73e3b3
BEC/Fraud: Urgent Language and Suspicious Sending/Infrastructure Patterns	Sublime Security	2mo ago Mar 10th, 2025	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois	/feeds/core/detection-rules/becfraud-urgent-language-and-suspicious-sendinginfrastructure-patterns-ba8a79e0
Brand impersonation: Adobe (QR code)	Sublime Security	1mo ago Mar 27th, 2025	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d
Brand impersonation: Adobe with suspicious language and link	Sublime Security	8mo ago Sep 19th, 2024	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-adobe-with-suspicious-language-and-link-32cc8bf1
Brand impersonation: ADP	Sublime Security	1y ago Jan 9th, 2024	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-adp-bb9cf46b
Brand Impersonation: AliExpress	Sublime Security	25d ago Apr 28th, 2025	Callback Phishing Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-aliexpress-b14703d8
Brand impersonation: Amazon	Sublime Security	1mo ago Apr 18th, 2025	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-amazon-13fc967d
Brand impersonation: Amazon with suspicious attachment	Sublime Security	9d ago May 14th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9
Brand impersonation: American Express (AMEX)	Sublime Security	8mo ago Sep 12th, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-american-express-amex-992a9fa9
Brand impersonation: Apple	Sublime Security	2y ago Aug 21st, 2023	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-apple-0b17f2c2
Brand impersonation: Aramco	Sublime Security	7mo ago Oct 10th, 2024	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-aramco-96e87699
Brand impersonation: Bank of America	Sublime Security	11mo ago Jun 14th, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-bank-of-america-d2fc6ea1
Brand impersonation: Barracuda Networks	Sublime Security	10mo ago Jul 8th, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-barracuda-networks-583fd5eb
Brand impersonation: Binance	Sublime Security	2mo ago Feb 24th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-binance-c3302a76
Brand impersonation: Blockchain[.]com	Sublime Security	1y ago Apr 23rd, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-blockchaincom-0d85e555
Brand Impersonation: Booking.com	Sublime Security	1mo ago Apr 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Natural Language Understanding Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-bookingcom-d1d8882f
Brand Impersonation: Capital One	Sublime Security	3mo ago Feb 20th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Sender analysis Header analysis	/feeds/core/detection-rules/brand-impersonation-capital-one-d53848e4
Brand impersonation: Charles Schwab	Sublime Security	3mo ago Feb 13th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-charles-schwab-7abde595
Brand impersonation: Chase Bank	Sublime Security	30d ago Apr 23rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-chase-bank-c680f1e7
Brand Impersonation: Chase bank with credential phishing indicators	Sublime Security	1y ago Apr 25th, 2024	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-chase-bank-with-credential-phishing-indicators-d9577856
Brand impersonation: Coinbase	Sublime Security	1y ago Apr 23rd, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-coinbase-3dca757a
Brand Impersonation: Coinbase with suspicious links	Sublime Security	2y ago Nov 18th, 2023	Credential Phishing Evasion Free subdomain host Image as content Impersonation: Brand Computer Vision Content analysis File analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-coinbase-with-suspicious-links-b61e2f8e
Brand impersonation: Dashlane	Sublime Security	1y ago Apr 23rd, 2024	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dashlane-9e400937
Brand impersonation: DHL	Sublime Security	3mo ago Feb 7th, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dhl-be4b4ae0
Brand impersonation: Digital Ocean	Sublime Security	1y ago Mar 4th, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-digital-ocean-7f2f0e97
Brand Impersonation: DocSend	Sublime Security	8mo ago Sep 11th, 2024	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docsend-cd9a3f7a
Brand impersonation: DocuSign	Sublime Security	2d ago May 21st, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Spoofing Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-docusign-4d29235c
Brand impersonation: DocuSign branded attachment lure with no DocuSign links	Sublime Security	23d ago Apr 30th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL screenshot	/feeds/core/detection-rules/brand-impersonation-docusign-branded-attachment-lure-with-no-docusign-links-814a5694
Brand Impersonation: DocuSign pdf attachment with suspicious link	Sublime Security	3mo ago Feb 3rd, 2025	Credential Phishing Impersonation: Brand PDF Social engineering File analysis Natural Language Understanding Optical Character Recognition URL analysis	/feeds/core/detection-rules/brand-impersonation-docusign-pdf-attachment-with-suspicious-link-2601cbb7
Brand impersonation: DocuSign (QR code)	Sublime Security	11mo ago Jun 12th, 2024	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a
Brand Impersonation: DocuSign with embedded QR code	Sublime Security	1y ago May 2nd, 2024	Credential Phishing Evasion Image as content Impersonation: Brand QR code Computer Vision Content analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463
Brand impersonation: DoorDash	Sublime Security	9mo ago Aug 12th, 2024	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-doordash-b0aaaed5
Brand impersonation: Dotloop	Sublime Security	1y ago Apr 23rd, 2024	Credential Phishing Impersonation: Brand Social engineering Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dotloop-f997581a
Brand impersonation: Dropbox	Sublime Security	6mo ago Nov 13th, 2024	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12
Brand impersonation: Enbridge	Sublime Security	3mo ago Jan 24th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-enbridge-203a6a28
Brand Impersonation: Exodus	Sublime Security	1y ago Apr 25th, 2024	Credential Phishing Impersonation: Brand Social engineering Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/brand-impersonation-exodus-40c77ecc
Brand Impersonation: Fake DocuSign HTML table not linking to DocuSign domains	Sublime Security	3mo ago Feb 4th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-fake-docusign-html-table-not-linking-to-docusign-domains-28923dde