Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jun 8th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Link: QuickBooks image lure with suspicious link	Sublime Security	10mo ago Jul 23rd, 2025	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Optical Character Recognition URL analysis
Link: ScreenConnect installer with suspicious relay domain	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Evasion Out of band pivot Social engineering URL analysis File analysis Content analysis
Link to auto-downloaded disk image in encrypted zip	@ajpc500	4mo ago Jan 12th, 2026	Malware/Ransomware Encryption Evasion Social engineering Archive analysis File analysis Sender analysis URL analysis YARA
Link to auto-downloaded DMG in archive	Sublime Security	10mo ago Jul 16th, 2025	Malware/Ransomware Evasion Archive analysis File analysis Sender analysis URL analysis
Link to auto-downloaded DMG in encrypted zip	Sublime Security	10mo ago Jul 16th, 2025	Malware/Ransomware Encryption Evasion Social engineering Archive analysis File analysis Sender analysis URL analysis YARA
Link to auto-downloaded file with Adobe branding	Sublime Security	10mo ago Jul 16th, 2025	Malware/Ransomware Impersonation: Brand Social engineering File analysis Optical Character Recognition Sender analysis URL analysis URL screenshot
Link to auto-downloaded file with Google Drive branding	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Impersonation: Brand Social engineering Content analysis File analysis Optical Character Recognition URL analysis URL screenshot
Link to auto-download of a suspicious file type (unsolicited)	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Encryption Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis YARA
Low reputation link to auto-downloaded HTML file with smuggling indicators	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Evasion Free file host Free subdomain host HTML smuggling Impersonation: Brand Open redirect Social engineering Content analysis File analysis HTML analysis Javascript analysis Sender analysis URL analysis
macOS malware: Compiled AppleScript with document double-extension	Sublime Security	4mo ago Feb 5th, 2026	Malware/Ransomware Evasion Social engineering File analysis Header analysis
MalwareBazaar: Malicious attachment hash in archive (trusted reporters)	Sublime Security	1mo ago Apr 29th, 2026	Malware/Ransomware Evasion Archive analysis File analysis Sender analysis Threat intelligence
MalwareBazaar: Malicious attachment hash (trusted reporters)	Sublime Security	2mo ago Mar 26th, 2026	Malware/Ransomware File analysis Sender analysis Threat intelligence
Malware: Pikabot delivery via URL auto-download	Sublime Security	2y ago Apr 25th, 2024	Malware/Ransomware Evasion Archive analysis File analysis Threat intelligence URL analysis
Non-RFC compliant calendar files from unsolicited sender	Sublime Security	1mo ago Apr 28th, 2026	Evasion ICS Phishing Social engineering Archive analysis Content analysis File analysis Sender analysis
Open Redirect: Google domain with /url path and suspicious indicators	Sublime Security	4d ago Jun 5th, 2026	Credential Phishing Evasion Open redirect Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Open redirect: Hakumonkai.org	Sublime Security	8d ago Jun 1st, 2026	Credential Phishing Open redirect URL analysis File analysis
Open redirect: typedrawers.com	Sublime Security	1y ago May 23rd, 2025	Credential Phishing Evasion Open redirect QR code Social engineering Content analysis File analysis QR code analysis Sender analysis
PDF attachment with Google (AE) redirecting to a php or zip file	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Open redirect PDF Content analysis File analysis URL analysis
QR code to auto-download of a suspicious file type (unsolicited)	Sublime Security	7mo ago Oct 17th, 2025	Malware/Ransomware Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis QR code analysis
Request for Quote or Purchase (RFQ\|RFP) with HTML smuggling attachment	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Evasion Content analysis File analysis HTML analysis Javascript analysis Natural Language Understanding URL analysis
Service abuse: Citrix ShareFile impersonation via Outlook plugin	Sublime Security	4d ago Jun 5th, 2026	BEC/Fraud Credential Phishing Free file host Social engineering File analysis Content analysis
Service abuse: Monday.com infrastructure with phishing intent	Sublime Security	3mo ago Mar 9th, 2026	Credential Phishing Evasion Social engineering QR code Content analysis File analysis Header analysis QR code analysis Sender analysis URL analysis
Spam: Unsolicited malformed PDF	Sublime Security	10mo ago Jul 16th, 2025	Spam Evasion Free email provider PDF Content analysis File analysis Sender analysis
Stripe invoice abuse	Sublime Security	4mo ago Jan 12th, 2026	BEC/Fraud Callback Phishing PDF File analysis Header analysis
Suspicious attachment: Duplicate decoy PDF files	Sublime Security	10mo ago Aug 5th, 2025	Credential Phishing Evasion PDF File analysis Optical Character Recognition
Suspicious attachment with unscannable Cloudflare link	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Evasion PDF Social engineering Impersonation: Employee Impersonation: VIP File analysis URL analysis Sender analysis Content analysis Header analysis Natural Language Understanding
Suspicious invoice reference with missing or image-only attachments	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Social engineering Content analysis Computer Vision File analysis Natural Language Understanding Sender analysis
Suspicious VBA macros from untrusted sender	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Macros File analysis Macro analysis Sender analysis
URI protocol handler: search-ms	Sublime Security	4mo ago Jan 12th, 2026	Malware/Ransomware Evasion File analysis HTML analysis
URLhaus: Malicious domain in message body or pdf attachment (trusted reporters)	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware PDF File analysis Threat intelligence URL analysis
X (Twitter) impersonation with credential phishing motives	Sublime Security	25d ago May 15th, 2026	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Optical Character Recognition Natural Language Understanding Sender analysis

281 Rules

Page 6 of 6