Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 27th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Callback phishing solicitation via pdf file	Sublime Security	7mo ago Aug 5th, 2025	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Attachment: Emotet heavily padded doc in zip file	Sublime Security	8mo ago Jul 16th, 2025	Malware/Ransomware Evasion Archive analysis Content analysis Exif analysis File analysis Sender analysis
Attachment: Encrypted PDF with credential theft body	Sublime Security	1mo ago Feb 26th, 2026	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis
Attachment: Excel file with document sharing lure created by Go Excelize	Sublime Security	1mo ago Jan 29th, 2026	Credential Phishing Macros Social engineering File analysis Macro analysis Content analysis Exif analysis
Attachment: Excel file with suspicious template identifier	Sublime Security	2mo ago Jan 12th, 2026	Credential Phishing Evasion Macros Exif analysis File analysis
Attachment: Fake lawyer & sports agent identities	Sublime Security	2mo ago Jan 26th, 2026	BEC/Fraud Impersonation: VIP Social engineering Content analysis Exif analysis File analysis Optical Character Recognition
Attachment: Fictitious invoice using LinkedIn's address	Sublime Security	6mo ago Sep 3rd, 2025	BEC/Fraud PDF Social engineering File analysis Optical Character Recognition Natural Language Understanding Content analysis Exif analysis
Attachment: Invoice and W-9 PDFs with suspicious creators	Sublime Security	2mo ago Jan 21st, 2026	BEC/Fraud PDF Social engineering Impersonation: Brand File analysis Optical Character Recognition Exif analysis Content analysis
Attachment: Legal themed message or PDF with suspicious indicators	Sublime Security	1mo ago Feb 5th, 2026	Credential Phishing Extortion BEC/Fraud Evasion PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition URL analysis Whois Header analysis Exif analysis
Attachment: LNK with embedded content	@ajpc500	2mo ago Jan 12th, 2026	Malware/Ransomware Exploit LNK Scripting Content analysis Exif analysis File analysis
Attachment: Office document with VSTO add-in	@vector_sec	2mo ago Jan 12th, 2026	Malware/Ransomware Scripting Archive analysis Content analysis Exif analysis File analysis Sender analysis URL analysis
Attachment: Password-protected PDF with fake document indicators	Sublime Security	2mo ago Jan 21st, 2026	Malware/Ransomware Credential Phishing Encryption Evasion PDF File analysis YARA Exif analysis
Attachment: PDF bid/proposal lure with credential theft indicators	Sublime Security	3d ago Mar 27th, 2026	BEC/Fraud Credential Phishing PDF Social engineering Free file host Free subdomain host File analysis Content analysis Optical Character Recognition Natural Language Understanding URL analysis Exif analysis
Attachment: PDF file with link to fake Bitcoin exchange	Sublime Security	2mo ago Jan 12th, 2026	BEC/Fraud Free email provider Impersonation: Brand PDF Social engineering Exif analysis File analysis Sender analysis URL analysis
Attachment: PDF generated with wkhtmltopdf tool and default title	Sublime Security	3mo ago Dec 19th, 2025	BEC/Fraud Callback Phishing Credential Phishing Malware/Ransomware PDF Evasion File analysis Exif analysis
Attachment: PDF with a suspicious string and single URL	Sublime Security	13d ago Mar 17th, 2026	Credential Phishing PDF Social engineering Evasion Content analysis File analysis URL analysis Exif analysis
Attachment: PDF with ReportLab library and default metadata	Sublime Security	1mo ago Feb 27th, 2026	Credential Phishing PDF Evasion File analysis Exif analysis
Attachment: PDF with suspicious HeadlessChrome metadata	Sublime Security	2mo ago Jan 8th, 2026	Credential Phishing Malware/Ransomware Evasion PDF File analysis Exif analysis
Attachment: PowerPoint with suspicious hyperlink	Sublime Security	2mo ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting Exif analysis File analysis
Attachment: Suspicious PDF created with headless browser	Sublime Security	6mo ago Sep 17th, 2025	Credential Phishing Evasion PDF Content analysis Exif analysis File analysis Optical Character Recognition
Attachment: XLSX file with suspicious print titles metadata	Sublime Security	6mo ago Sep 16th, 2025	Credential Phishing Evasion Macros File analysis Exif analysis
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis
Callback phishing: Social Security Administration fraud	Sublime Security	2mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Spam: Item giveaway spam template	Sublime Security	7mo ago Aug 5th, 2025	Spam Image as content Content analysis HTML analysis Sender analysis Exif analysis

24 Rules