• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Mar 27th, 2026
Feed Source
GitHub
Detection Method is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: EML file contains HTML attachment with login portal indicators
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Evasion
HTML smuggling
Content analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: EML with embedded Javascript in SVG file
Sublime Security
7mo ago
Aug 8th, 2025
Credential Phishing
Malware/Ransomware
Scripting
Evasion
File analysis
Javascript analysis
Sender analysis
Attachment: File execution via Javascript
Sublime Security
2mo ago
Jan 12th, 2026
Malware/Ransomware
Evasion
Scripting
Archive analysis
File analysis
Javascript analysis
Sender analysis
Attachment: HTML attachment with Javascript location
@vector_sec
7mo ago
Aug 5th, 2025
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
Javascript analysis
HTML analysis
Attachment: HTML attachment with login portal indicators
@ajpc500
2mo ago
Jan 12th, 2026
Credential Phishing
HTML smuggling
Scripting
Archive analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: HTML file with reference to recipient and suspicious patterns
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
HTML smuggling
Scripting
Content analysis
File analysis
HTML analysis
Javascript analysis
YARA
Attachment: HTML smuggling Microsoft sign in
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Free subdomain host
HTML smuggling
Impersonation: Brand
Social engineering
Archive analysis
Content analysis
File analysis
Header analysis
Javascript analysis
Sender analysis
URL analysis
Attachment: HTML smuggling with atob and high entropy
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
Attachment: HTML smuggling with atob and high entropy via calendar invite
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
File analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: HTML smuggling with auto-downloaded file
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
Attachment: HTML smuggling with base64 encoded JavaScript function
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with base64 encoded ZIP file
Sublime Security
4mo ago
Nov 20th, 2025
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with eval and atob
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with eval and atob via calendar invite
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with excessive line break obfuscation
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns
Sublime Security
2y ago
Aug 27th, 2024
Credential Phishing
Evasion
HTML smuggling
Scripting
Social engineering
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with fromCharCode and other signals
Sublime Security
3y ago
Aug 21st, 2023
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
Javascript analysis
HTML analysis
Attachment: HTML smuggling with hex strings
@ajpc500
3y ago
Aug 21st, 2023
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with raw array buffer
Sublime Security
3y ago
Aug 21st, 2023
Credential Phishing
Malware/Ransomware
Evasion
Free subdomain host
HTML smuggling
Archive analysis
Content analysis
File analysis
Javascript analysis
Attachment: HTML smuggling with RC4 decryption
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with ROT13
@Kyle_Parrish_
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
Javascript analysis
HTML analysis
Attachment: HTML smuggling with setTimeout
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with unescape
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
File analysis
HTML analysis
Javascript analysis
Attachment: HTML with emoji-to-character map
Sublime Security
7mo ago
Aug 5th, 2025
Credential Phishing
Evasion
HTML smuggling
Impersonation: Brand
Scripting
Social engineering
File analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: HTML with JavaScript functions for HTTP requests
Sublime Security
7mo ago
Aug 5th, 2025
Credential Phishing
Evasion
Scripting
Content analysis
HTML analysis
Javascript analysis
File analysis
Attachment: HTML with obfuscation and recipient's email in JavaScript strings
Sublime Security
6mo ago
Sep 25th, 2025
Credential Phishing
HTML smuggling
Scripting
Archive analysis
File analysis
HTML analysis
Javascript analysis
Attachment: ICS with embedded Javascript in SVG file
Sublime Security
1mo ago
Jan 29th, 2026
Credential Phishing
Malware/Ransomware
Scripting
Evasion
File analysis
Javascript analysis
Sender analysis
Link: chatbot.page platform abuse
Sublime Security
7mo ago
Aug 5th, 2025
Credential Phishing
Social engineering
Out of band pivot
URL analysis
Natural Language Understanding
Content analysis
HTML analysis
Javascript analysis
URL screenshot
Link: Cryptocurrency fraud with suspicious links
Sublime Security
3mo ago
Dec 1st, 2025
BEC/Fraud
Social engineering
Evasion
Free subdomain host
Scripting
Content analysis
Header analysis
Javascript analysis
Natural Language Understanding
Sender analysis
URL analysis
URL screenshot
Whois
Link: JavaScript obfuscation with Telegram bot integration
Sublime Security
1mo ago
Feb 25th, 2026
Credential Phishing
Evasion
Scripting
Content analysis
Javascript analysis
URL analysis
Link: Multistage landing - JotForm abuse
Sublime Security
3mo ago
Dec 1st, 2025
Credential Phishing
Evasion
Social engineering
Content analysis
HTML analysis
Javascript analysis
URL analysis
Low reputation link to auto-downloaded HTML file with smuggling indicators
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Evasion
Free file host
Free subdomain host
HTML smuggling
Impersonation: Brand
Open redirect
Social engineering
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment
Sublime Security
2mo ago
Jan 12th, 2026
Credential Phishing
Evasion
Content analysis
File analysis
HTML analysis
Javascript analysis
Natural Language Understanding
URL analysis
33 Rules