Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Open redirect: typedrawers.com	Sublime Security	11mo ago May 23rd, 2025	Credential Phishing Evasion Open redirect QR code Social engineering Content analysis File analysis QR code analysis Sender analysis
PDF attachment with Google (AE) redirecting to a php or zip file	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Open redirect PDF Content analysis File analysis URL analysis
QR code to auto-download of a suspicious file type (unsolicited)	Sublime Security	6mo ago Oct 17th, 2025	Malware/Ransomware Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis QR code analysis
Request for Quote or Purchase (RFQ\|RFP) with HTML smuggling attachment	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Content analysis File analysis HTML analysis Javascript analysis Natural Language Understanding URL analysis
Service abuse: Monday.com infrastructure with phishing intent	Sublime Security	1mo ago Mar 9th, 2026	Credential Phishing Evasion Social engineering QR code Content analysis File analysis Header analysis QR code analysis Sender analysis URL analysis
Spam: Unsolicited malformed PDF	Sublime Security	9mo ago Jul 16th, 2025	Spam Evasion Free email provider PDF Content analysis File analysis Sender analysis
Stripe invoice abuse	Sublime Security	3mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing PDF File analysis Header analysis
Suspicious attachment: Duplicate decoy PDF files	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Evasion PDF File analysis Optical Character Recognition
Suspicious attachment with unscannable Cloudflare link	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion PDF Social engineering Impersonation: Employee Impersonation: VIP File analysis URL analysis Sender analysis Content analysis Header analysis Natural Language Understanding
Suspicious invoice reference with missing or image-only attachments	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Social engineering Content analysis Computer Vision File analysis Natural Language Understanding Sender analysis
Suspicious VBA macros from untrusted sender	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Macros File analysis Macro analysis Sender analysis
URI protocol handler: search-ms	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Evasion File analysis HTML analysis
URLhaus: Malicious domain in message body or pdf attachment (trusted reporters)	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware PDF File analysis Threat intelligence URL analysis
X (Twitter) impersonation with credential phishing motives	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Optical Character Recognition Natural Language Understanding Sender analysis

264 Rules

Page 6 of 6