Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jun 8th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: WinRAR CVE-2025-8088 exploitation	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Exploit Evasion Archive analysis File analysis YARA
Attachment with auto-executing macro (unsolicited)	Sublime Security	4d ago Jun 5th, 2026	Malware/Ransomware Macros Archive analysis Header analysis File analysis Macro analysis OLE analysis Sender analysis
Attachment with auto-opening VBA macro (unsolicited)	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Macros Archive analysis File analysis Macro analysis Sender analysis
Attachment with encrypted zip (unsolicited)	Sublime Security	10mo ago Jul 16th, 2025	Malware/Ransomware Evasion Encryption Archive analysis File analysis Sender analysis
Attachment with high risk VBA macro (unsolicited)	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Macros File analysis Macro analysis OLE analysis Sender analysis
Attachment with macro calling executable	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Evasion Macros Archive analysis File analysis
Attachment with suspicious author (unsolicited)	Sublime Security	10mo ago Jul 16th, 2025	Malware/Ransomware File analysis Sender analysis
Attachment with unscannable encrypted zip	Sublime Security	1mo ago Apr 30th, 2026	Malware/Ransomware Encryption Evasion Archive analysis File analysis YARA
Attachment with VBA macros from employee impersonation (unsolicited)	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Impersonation: Employee Macros Social engineering Archive analysis File analysis Macro analysis Sender analysis
Attachment: XLSX file with suspicious print titles metadata	Sublime Security	8mo ago Sep 16th, 2025	Credential Phishing Evasion Macros File analysis Exif analysis
Attachment: ZIP file with CVE-2026-0866 exploit	Sublime Security	2mo ago Mar 20th, 2026	Malware/Ransomware Exploit Evasion Archive analysis File analysis YARA
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail	Sublime Security	4d ago Jun 5th, 2026	BEC/Fraud Free email provider Out of band pivot Content analysis File analysis Natural Language Understanding
Brand impersonation: Adobe Acrobat Sign PDF phishing file format template	Sublime Security	8d ago Jun 1st, 2026	Credential Phishing Impersonation: Brand PDF Computer Vision Optical Character Recognition File analysis
Brand impersonation: Amazon with suspicious attachment	Sublime Security	1mo ago Apr 14th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: Chase bank with credential phishing indicators	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Natural Language Understanding Sender analysis URL analysis
Brand impersonation: Coinbase with suspicious links	Sublime Security	8mo ago Sep 22nd, 2025	Credential Phishing Evasion Free subdomain host Image as content Impersonation: Brand Computer Vision Content analysis File analysis URL analysis
Brand impersonation: DocuSign PDF attachment with suspicious link	Sublime Security	7mo ago Oct 22nd, 2025	Credential Phishing Impersonation: Brand PDF Social engineering File analysis Natural Language Understanding Optical Character Recognition URL analysis
Brand impersonation: Dropbox	Sublime Security	3mo ago Feb 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis
Brand impersonation: Google fake sign-in warning	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Optical Character Recognition Sender analysis URL analysis
Brand impersonation: Microsoft fake sign-in alert	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis Whois
Brand impersonation: Microsoft quarantine release notification in body	Sublime Security	10mo ago Jul 16th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Sender analysis
Brand impersonation: Microsoft quarantine release notification in image attachment	Sublime Security	10mo ago Jul 16th, 2025	Credential Phishing Free file host Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Brand impersonation: Microsoft Teams	Sublime Security	2y ago Dec 3rd, 2024	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Optical Character Recognition Sender analysis
Brand impersonation: Microsoft with low reputation links	Sublime Security	4d ago Jun 5th, 2026	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Brand impersonation: Norton	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Free email provider Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis
Brand Impersonation: PayPal	Sublime Security	8d ago Jun 1st, 2026	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis
Brand impersonation: Proofpoint secure messaging without legitimate indicators	Sublime Security	6mo ago Nov 17th, 2025	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis URL analysis
Brand impersonation: Sharepoint	Sublime Security	8d ago Jun 1st, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Sender analysis
Brand impersonation: SharePoint PDF attachment with credential theft language	Sublime Security	1mo ago May 4th, 2026	Credential Phishing Impersonation: Brand Social engineering PDF Evasion Computer Vision File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis Header analysis Whois
Business Email Compromise (BEC) attempt from unsolicited sender	Sublime Security	10mo ago Jul 16th, 2025	BEC/Fraud Social engineering Spoofing Content analysis File analysis Header analysis Sender analysis
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	Sublime Security	1mo ago May 4th, 2026	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis
Callback phishing in body or attachment (untrusted sender)	Sublime Security	2mo ago Mar 27th, 2026	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis
Callback phishing: Social Security Administration fraud	Sublime Security	4mo ago Jan 12th, 2026	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Callback phishing solicitation in message body	Sublime Security	7mo ago Oct 17th, 2025	Callback Phishing Free email provider Impersonation: Brand Out of band pivot Social engineering File analysis Sender analysis
Callback phishing via calendar invite	Sublime Security	28d ago May 12th, 2026	Callback Phishing Social engineering Evasion ICS Phishing File analysis Header analysis Natural Language Understanding Sender analysis
Callback phishing via extensionless rfc822 attachment	Sublime Security	4mo ago Jan 12th, 2026	Callback Phishing Impersonation: Brand Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Callback phishing via Google Group abuse	Sublime Security	1mo ago May 4th, 2026	Callback Phishing Free email provider Impersonation: Brand Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Commonly abused sender TLD with engaging language	Sublime Security	10mo ago Aug 7th, 2025	Credential Phishing Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Credential phishing: Image as content, short or no body contents	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Evasion Image as content Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition
Encrypted Microsoft Office files from untrusted sender	Sublime Security	10mo ago Aug 5th, 2025	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Encryption Evasion File analysis YARA Sender analysis
Extortion / sextortion in attachment from untrusted sender	Sublime Security	10mo ago Aug 5th, 2025	Extortion Social engineering Spoofing Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender	Sublime Security	1y ago Feb 3rd, 2025	BEC/Fraud Free email provider PDF Social engineering QR code Content analysis File analysis QR code analysis
Free subdomain link with login or captcha (untrusted sender)	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Free subdomain host Social engineering Computer Vision File analysis Sender analysis URL screenshot
HTML smuggling containing recipient email address	Sublime Security	7mo ago Nov 4th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis File analysis Sender analysis
Impersonation: Fake Gmail attachment	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand Content analysis File analysis Sender analysis
Impersonation: Recipient organization in sender display name with credential theft image	Sublime Security	3mo ago Feb 17th, 2026	Credential Phishing Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Link: Direct POWR.io Form Builder with suspicious patterns	Sublime Security	10mo ago Aug 5th, 2025	Credential Phishing Callback Phishing Social engineering File analysis URL analysis Content analysis
Link: Microsoft Dynamics 365 form phishing	Sublime Security	4mo ago Jan 27th, 2026	Credential Phishing Evasion Content analysis File analysis Optical Character Recognition Natural Language Understanding URL analysis URL screenshot
Link: Microsoft protected message with matching sender and recipient addresses	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Evasion Social engineering Content analysis File analysis Header analysis Sender analysis URL analysis
Link: QR code in EML attachment with credential phishing indicators	Sublime Security	6mo ago Dec 2nd, 2025	Credential Phishing Evasion Open redirect QR code Computer Vision Content analysis File analysis QR code analysis

281 Rules

Page 5 of 6