Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Feb 6th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Callback phishing solicitation via pdf file	Sublime Security	6mo ago Aug 5th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Emotet heavily padded doc in zip file	Sublime Security	6mo ago Jul 16th, 2025	Malware/Ransomware Evasion Archive analysis Content analysis Exif analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: Encrypted PDF with credential theft body	Sublime Security	2mo ago Dec 1st, 2025	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Excel file with document sharing lure created by Go Excelize	Sublime Security	11d ago Jan 29th, 2026	Credential Phishing Macros Social engineering File analysis Macro analysis Content analysis Exif analysis	/feeds/core/detection-rules/attachment-excel-file-with-document-sharing-lure-created-by-go-excelize-dfaf267f
Attachment: Excel file with suspicious template identifier	Sublime Security	28d ago Jan 12th, 2026	Credential Phishing Evasion Macros Exif analysis File analysis	/feeds/core/detection-rules/attachment-excel-file-with-suspicious-template-identifier-40f84b4b
Attachment: Fake lawyer & sports agent identities	Sublime Security	14d ago Jan 26th, 2026	BEC/Fraud Impersonation: VIP Social engineering Content analysis Exif analysis File analysis Optical Character Recognition	/feeds/core/detection-rules/attachment-fake-lawyer-and-sports-agent-identities-7d3a2478
Attachment: Fictitious invoice using LinkedIn's address	Sublime Security	5mo ago Sep 3rd, 2025	BEC/Fraud PDF Social engineering File analysis Optical Character Recognition Natural Language Understanding Content analysis Exif analysis	/feeds/core/detection-rules/attachment-fictitious-invoice-using-linkedins-address-aeee3d9f
Attachment: Invoice and W-9 PDFs with suspicious creators	Sublime Security	19d ago Jan 21st, 2026	BEC/Fraud PDF Social engineering Impersonation: Brand File analysis Optical Character Recognition Exif analysis Content analysis	/feeds/core/detection-rules/attachment-invoice-and-w-9-pdfs-with-suspicious-creators-305d6e32
Attachment: Legal themed message or PDF with suspicious indicators	Sublime Security	4d ago Feb 5th, 2026	Credential Phishing Extortion BEC/Fraud Evasion PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition URL analysis Whois Header analysis Exif analysis	/feeds/core/detection-rules/attachment-legal-themed-message-or-pdf-with-suspicious-indicators-19133301
Attachment: LNK with embedded content	@ajpc500	28d ago Jan 12th, 2026	Malware/Ransomware Exploit LNK Scripting Content analysis Exif analysis File analysis	/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a
Attachment: Office document with VSTO add-in	@vector_sec	28d ago Jan 12th, 2026	Malware/Ransomware Scripting Archive analysis Content analysis Exif analysis File analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730
Attachment: Password-protected PDF with fake document indicators	Sublime Security	19d ago Jan 21st, 2026	Malware/Ransomware Credential Phishing Encryption Evasion PDF File analysis YARA Exif analysis	/feeds/core/detection-rules/attachment-password-protected-pdf-with-fake-document-indicators-b45e4440
Attachment: PDF file with link to fake Bitcoin exchange	Sublime Security	28d ago Jan 12th, 2026	BEC/Fraud Free email provider Impersonation: Brand PDF Social engineering Exif analysis File analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Attachment: PDF generated with wkhtmltopdf tool and default title	Sublime Security	1mo ago Dec 19th, 2025	BEC/Fraud Callback Phishing Credential Phishing Malware/Ransomware PDF Evasion File analysis Exif analysis	/feeds/core/detection-rules/attachment-pdf-generated-with-wkhtmltopdf-tool-and-default-title-64e6c8a8
Attachment: PDF with suspicious HeadlessChrome metadata	Sublime Security	1mo ago Jan 8th, 2026	Credential Phishing Malware/Ransomware Evasion PDF File analysis Exif analysis	/feeds/core/detection-rules/attachment-pdf-with-suspicious-headlesschrome-metadata-eda99b1d
Attachment: PowerPoint with suspicious hyperlink	Sublime Security	28d ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting Exif analysis File analysis	/feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1
Attachment: Suspicious PDF created with headless browser	Sublime Security	4mo ago Sep 17th, 2025	Credential Phishing Evasion PDF Content analysis Exif analysis File analysis Optical Character Recognition	/feeds/core/detection-rules/attachment-suspicious-pdf-created-with-headless-browser-8f3108d7
Attachment: XLSX file with suspicious print titles metadata	Sublime Security	4mo ago Sep 16th, 2025	Credential Phishing Evasion Macros File analysis Exif analysis	/feeds/core/detection-rules/attachment-xlsx-file-with-suspicious-print-titles-metadata-4c265cbe
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	Sublime Security	28d ago Jan 12th, 2026	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed
Callback phishing: Social Security Administration fraud	Sublime Security	28d ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Spam: Item giveaway spam template	Sublime Security	6mo ago Aug 5th, 2025	Spam Image as content Content analysis HTML analysis Sender analysis Exif analysis	/feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b

21 Rules