Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated May 15th, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Compensation review lure with QR code	Sublime Security	1mo ago Apr 14th, 2026	Credential Phishing PDF QR code Social engineering File analysis Optical Character Recognition QR code analysis Natural Language Understanding Sender analysis Header analysis
Attachment: Credit card application with WhatsApp contact	Sublime Security	5mo ago Nov 20th, 2025	BEC/Fraud Social engineering Out of band pivot Content analysis File analysis Natural Language Understanding QR code analysis
Attachment: EML with QR code redirecting to Cloudflare challenges	Sublime Security	1mo ago Apr 1st, 2026	Credential Phishing Malware/Ransomware Evasion QR code File analysis QR code analysis URL analysis Archive analysis
Attachment: Fake voicemail via PDF	Sublime Security	15d ago Apr 30th, 2026	Credential Phishing PDF QR code Social engineering Computer Vision Content analysis File analysis Optical Character Recognition QR code analysis URL analysis
Attachment: HTML smuggling - QR Code with suspicious links	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing QR code Computer Vision Header analysis Natural Language Understanding QR code analysis Sender analysis URL analysis URL screenshot
Attachment: ICS calendar file with QR code containing recipient email address	Sublime Security	25d ago Apr 20th, 2026	Credential Phishing QR code Social engineering Evasion File analysis QR code analysis URL analysis Content analysis
Attachment: PDF with recipient email in link	Sublime Security	2mo ago Mar 3rd, 2026	Credential Phishing PDF QR code Encryption Social engineering File analysis QR code analysis URL analysis
Attachment: PDF with split QR code	Sublime Security	30d ago Apr 15th, 2026	Credential Phishing Evasion PDF QR code File analysis YARA QR code analysis
Attachment: QR code link with base64-encoded recipient address	Sublime Security	16d ago Apr 29th, 2026	Credential Phishing QR code Image as content Social engineering Evasion PDF Macros Computer Vision File analysis Natural Language Understanding QR code analysis Sender analysis
Attachment: QR code with credential phishing indicators	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing QR code Social engineering Computer Vision Header analysis Natural Language Understanding QR code analysis Sender analysis URL analysis URL screenshot
Attachment: QR code with encoded recipient targeting and redirect indicators	Sublime Security	3mo ago Jan 30th, 2026	Credential Phishing QR code Evasion Image as content Open redirect Archive analysis File analysis QR code analysis URL analysis
Attachment: QR code with recipient targeting and special characters	Sublime Security	2mo ago Feb 21st, 2026	Credential Phishing QR code Social engineering Evasion File analysis QR code analysis URL analysis Computer Vision
Attachment: QR code with suspicious URL patterns in EML file	Sublime Security	2mo ago Feb 21st, 2026	Credential Phishing QR code Evasion Social engineering Archive analysis File analysis QR code analysis URL analysis
Attachment: QR code with userinfo portion	Sublime Security	15d ago Apr 30th, 2026	Credential Phishing Malware/Ransomware Evasion Image as content PDF QR code QR code analysis File analysis Sender analysis
Attachment: SVG files with evasion elements	Sublime Security	7d ago May 8th, 2026	Malware/Ransomware Credential Phishing QR code Image as content Evasion File analysis XML analysis QR code analysis Sender analysis
Brand impersonation: Adobe (QR code)	Sublime Security	25d ago Apr 20th, 2026	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis
Brand impersonation: DocuSign (QR code)	Sublime Security	7mo ago Oct 15th, 2025	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis
Brand impersonation: DocuSign with embedded QR code	Sublime Security	11d ago May 4th, 2026	Credential Phishing Evasion Image as content Impersonation: Brand QR code Computer Vision Content analysis QR code analysis Sender analysis
Brand Impersonation: Google (QR Code)	Sublime Security	6mo ago Oct 17th, 2025	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis
Brand impersonation: Microsoft (QR code)	Sublime Security	4mo ago Jan 12th, 2026	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis
ClickFunnels link infrastructure abuse	Sublime Security	3mo ago Feb 5th, 2026	Credential Phishing Free email provider Free subdomain host Social engineering Content analysis Header analysis QR code analysis Sender analysis URL analysis
Compensation review with QR code in attached EML	Sublime Security	5mo ago Nov 26th, 2025	Credential Phishing QR code Social engineering Computer Vision Content analysis Optical Character Recognition QR code analysis
Constant Contact link infrastructure abuse	Sublime Security	6mo ago Oct 17th, 2025	Credential Phishing Free email provider Open redirect Social engineering Content analysis Header analysis QR code analysis Sender analysis
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender	Sublime Security	1y ago Feb 3rd, 2025	BEC/Fraud Free email provider PDF Social engineering QR code Content analysis File analysis QR code analysis
Link: QR code in EML attachment with credential phishing indicators	Sublime Security	5mo ago Dec 2nd, 2025	Credential Phishing Evasion Open redirect QR code Computer Vision Content analysis File analysis QR code analysis
Link: QR code with phishing disposition in img or pdf	Sublime Security	9mo ago Jul 30th, 2025	Credential Phishing QR code Social engineering Content analysis Computer Vision QR code analysis Sender analysis URL analysis
Link: QR Code with suspicious language (untrusted sender)	Sublime Security	9mo ago Jul 30th, 2025	Credential Phishing Impersonation: Brand QR code Social engineering Content analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis
Open redirect: typedrawers.com	Sublime Security	11mo ago May 23rd, 2025	Credential Phishing Evasion Open redirect QR code Social engineering Content analysis File analysis QR code analysis Sender analysis
QR code to auto-download of a suspicious file type (unsolicited)	Sublime Security	6mo ago Oct 17th, 2025	Malware/Ransomware Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis QR code analysis
QR Code with suspicious indicators	Sublime Security	23d ago Apr 22nd, 2026	Credential Phishing QR code Social engineering Content analysis Header analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis
Service abuse: Monday.com infrastructure with phishing intent	Sublime Security	2mo ago Mar 9th, 2026	Credential Phishing Evasion Social engineering QR code Content analysis File analysis Header analysis QR code analysis Sender analysis URL analysis
Unicode QR code	Sublime Security	8mo ago Aug 25th, 2025	Credential Phishing Evasion Content analysis Sender analysis QR code analysis

32 Rules