Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Any HTML file (unsolicited)	Sublime Security	5mo ago Nov 3rd, 2025	HTML smuggling File analysis HTML analysis Sender analysis
Attachment: Any HTML file (untrusted sender)	Sublime Security	5mo ago Nov 3rd, 2025	HTML smuggling HTML analysis Sender analysis
Attachment: Archive containing HTML file with file scheme link	Sublime Security	1mo ago Mar 17th, 2026	Credential Phishing Evasion Exploit HTML smuggling Social engineering Archive analysis File analysis HTML analysis
Attachment: Double base64-encoded zip file in HTML smuggling attachment	@ajpc500	8mo ago Aug 5th, 2025	Malware/Ransomware Credential Phishing Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Sender analysis
Attachment: Embedded VBScript in MHT file (unsolicited)	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting Archive analysis File analysis HTML analysis Sender analysis
Attachment: EML containing a base64 encoded script	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion HTML smuggling Scripting Social engineering File analysis HTML analysis Sender analysis
Attachment: EML file contains HTML attachment with login portal indicators	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Javascript analysis Sender analysis
Attachment: EML file with HTML attachment (unsolicited)	Sublime Security	8mo ago Aug 20th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Sender analysis
Attachment: EML with link to credential phishing page	Sublime Security	9mo ago Jul 16th, 2025	Credential Phishing Evasion Free file host Free subdomain host Social engineering Computer Vision Content analysis File analysis Header analysis HTML analysis Natural Language Understanding Optical Character Recognition URL analysis URL screenshot
Attachment: Fake Slack installer	Sublime Security	3y ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis
Attachment: Fake Zoom installer	Sublime Security	3y ago Nov 29th, 2023	Malware/Ransomware Evasion HTML smuggling Impersonation: Brand Scripting Social engineering Archive analysis Computer Vision File analysis HTML analysis Natural Language Understanding URL analysis
Attachment: HTML attachment with Javascript location	@vector_sec	8mo ago Aug 5th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis Javascript analysis HTML analysis
Attachment: HTML attachment with login portal indicators	@ajpc500	3mo ago Jan 12th, 2026	Credential Phishing HTML smuggling Scripting Archive analysis File analysis HTML analysis Javascript analysis Sender analysis
Attachment: HTML file with excessive 'const' declarations and abnormally long timeouts	Sublime Security	5mo ago Nov 3rd, 2025	Malware/Ransomware Credential Phishing HTML smuggling Scripting Evasion HTML analysis File analysis Content analysis
Attachment: HTML file with excessive padding and suspicious patterns	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling File analysis HTML analysis YARA
Attachment: HTML file with reference to recipient and suspicious patterns	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing HTML smuggling Scripting Content analysis File analysis HTML analysis Javascript analysis YARA
Attachment: HTML smuggling 'body onload' linking to suspicious destination	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis URL analysis
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis
Attachment: HTML smuggling with atob and high entropy	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis Sender analysis URL analysis
Attachment: HTML smuggling with atob and high entropy via calendar invite	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting File analysis HTML analysis Javascript analysis Sender analysis
Attachment: HTML smuggling with auto-downloaded file	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis Sender analysis URL analysis
Attachment: HTML smuggling with base64 encoded JavaScript function	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with base64 encoded ZIP file	Sublime Security	5mo ago Nov 20th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with concatenation obfuscation	@vector_sec	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis
Attachment: HTML smuggling with decimal encoding	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis
Attachment: HTML smuggling with embedded base64-encoded executable	Sublime Security	2y ago Mar 25th, 2024	Malware/Ransomware Evasion HTML smuggling Archive analysis File analysis HTML analysis YARA
Attachment: HTML smuggling with embedded base64-encoded ISO	Sublime Security	3y ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling ISO Archive analysis Content analysis File analysis HTML analysis Sender analysis
Attachment: HTML smuggling with embedded base64 streamed file download	Sublime Security	3y ago Aug 21st, 2023	Malware/Ransomware HTML smuggling Scripting Social engineering Archive analysis Content analysis File analysis HTML analysis
Attachment: HTML smuggling with eval and atob	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with eval and atob via calendar invite	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with excessive line break obfuscation	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns	Sublime Security	2y ago Aug 27th, 2024	Credential Phishing Evasion HTML smuggling Scripting Social engineering File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with fromCharCode and other signals	Sublime Security	3y ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis Javascript analysis HTML analysis
Attachment: HTML smuggling with hex strings	@ajpc500	3y ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling Archive analysis Content analysis File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with high entropy and other signals	Sublime Security	3y ago Aug 21st, 2023	Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis
Attachment: HTML smuggling with RC4 decryption	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with ROT13	@Kyle_Parrish_	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis Javascript analysis HTML analysis
Attachment: HTML smuggling with setTimeout	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis
Attachment: HTML smuggling with unescape	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis File analysis HTML analysis Javascript analysis
Attachment: HTML with emoji-to-character map	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Evasion HTML smuggling Impersonation: Brand Scripting Social engineering File analysis HTML analysis Javascript analysis Sender analysis
Attachment: HTML with hidden body	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Scripting Content analysis HTML analysis File analysis
Attachment: HTML with JavaScript functions for HTTP requests	Sublime Security	8mo ago Aug 5th, 2025	Credential Phishing Evasion Scripting Content analysis HTML analysis Javascript analysis File analysis
Attachment: HTML with obfuscation and recipient's email in JavaScript strings	Sublime Security	7mo ago Sep 25th, 2025	Credential Phishing HTML smuggling Scripting Archive analysis File analysis HTML analysis Javascript analysis
Attachment: Office file contains OLE relationship to credential phishing page	Sublime Security	3mo ago Jan 12th, 2026	Credential Phishing Evasion Social engineering File analysis HTML analysis Natural Language Understanding OLE analysis URL analysis
Attachment: Web files with suspicious comments	Sublime Security	8mo ago Aug 8th, 2025	Credential Phishing Malware/Ransomware HTML smuggling Evasion File analysis HTML analysis Content analysis
Body HTML: Comment with 24-character hex token	Sublime Security	1mo ago Mar 17th, 2026	Spam Evasion Content analysis HTML analysis
Body HTML: Recipient SLD in HTML class	Sublime Security	7mo ago Sep 23rd, 2025	Credential Phishing Evasion Social engineering HTML analysis Header analysis Sender analysis
Brand impersonation: Adobe Sign with suspicious indicators	Sublime Security	3mo ago Jan 8th, 2026	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis Sender analysis
Brand impersonation: Aramco	Sublime Security	2mo ago Jan 28th, 2026	BEC/Fraud Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis
Brand impersonation: Binance	Sublime Security	7mo ago Sep 3rd, 2025	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis

109 Rules

Page 1 of 3