Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jan 23rd, 2026

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Open redirect: sciencebuddies.org	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-sciencebuddiesorg-019317d4
Open redirect: secondstreetapp.com	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-secondstreetappcom-6767888d
Open redirect: Shibboleth SSO Logout Return Parameter	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Open redirect Evasion HTML analysis URL analysis Sender analysis	/feeds/core/detection-rules/open-redirect-shibboleth-sso-logout-return-parameter-374b7517
Open redirect: shoppermeet.net	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-shoppermeetnet-fe105c91
Open redirect: shoppingwebapi.didatravel.com	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-shoppingwebapididatravelcom-ac452abf
Open redirect: Signature Travel Network	Sublime Security	8mo ago May 23rd, 2025	Credential Phishing Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-signature-travel-network-c92e3202
Open redirect: Slack	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-slack-1b15f4a3
Open redirect: slubnaglowie.pl	Sublime Security	8mo ago May 23rd, 2025	Credential Phishing Evasion Open redirect Social engineering Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-slubnaglowiepl-2ec356d0
Open redirect: smartadserver.com	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-smartadservercom-27e5a585
Open redirect: smore.com	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-smorecom-666cb33d
Open redirect: Snapchat	@vector_sec	3y ago Dec 20th, 2023	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-snapchat-6f363e68
Open redirect: social.bigpress.net	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-socialbigpressnet-7a994083
Open redirect: ssg-financial.com	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-ssg-financialcom-604a48f1
Open redirect: stats.lib.pdx.edu	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-statslibpdxedu-0fe96183
Open redirect: storematch.jp	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-storematchjp-849bfbb8
Open redirect: Ticketmaster	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-ticketmaster-a5b3901f
Open redirect: TikTok	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-tiktok-d231d135
Open redirect: tkqlhce.com	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-tkqlhcecom-44eef073
Open redirect: tuttocauzioni.it	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-tuttocauzioniit-6c0b2cb9
Open redirect: typedrawers.com	Sublime Security	8mo ago May 23rd, 2025	Credential Phishing Evasion Open redirect QR code Social engineering Content analysis File analysis QR code analysis Sender analysis	/feeds/core/detection-rules/open-redirect-typedrawerscom-158d9e95
Open redirect: unitedwaynwvt.org	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-unitedwaynwvtorg-da6eb27a
Open redirect: ust.hk	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-usthk-700a19fb
Open redirect: vconfex.com	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-vconfexcom-877de339
Open redirect: VK	@vector_sec	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-vk-6ebd6d42
Open redirect: weblinkconnect.com	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing Evasion Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-weblinkconnectcom-967f7a11
Open redirect: whitefox.pl	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-whitefoxpl-18b74a2a
Open redirect: Xfinity CMP Redirection to Google AMP	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing Open redirect Evasion Header analysis URL analysis Sender analysis	/feeds/core/detection-rules/open-redirect-xfinity-cmp-redirection-to-google-amp-c0805b80
Open redirect: xfinity.com	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-xfinitycom-7b9012fa
Open redirect: YouTube	@vector_sec	2y ago Apr 24th, 2024	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-youtube-fb33bffe
Open redirect: YouTube --> Google Redirection Chain	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-youtube-greater-google-redirection-chain-67823fac
PayPal invoice abuse	Sublime Security	12d ago Jan 12th, 2026	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4
Punycode sender domain	Sublime Security	3y ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion Lookalike domain Punycode Social engineering Sender analysis	/feeds/core/detection-rules/punycode-sender-domain-bc3d8db5
QR code to auto-download of a suspicious file type (unsolicited)	Sublime Security	3mo ago Oct 17th, 2025	Malware/Ransomware Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis QR code analysis	/feeds/core/detection-rules/qr-code-to-auto-download-of-a-suspicious-file-type-unsolicited-eed87ea2
QR Code with suspicious indicators	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing QR code Social engineering Content analysis Header analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis	/feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f
Reconnaissance: All recipients cc/bcc'd or undisclosed	Sublime Security	12d ago Jan 12th, 2026	Reconnaissance Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/reconnaissance-all-recipients-ccbccd-or-undisclosed-420f60d3
Reconnaissance: Email address harvesting attempt	Sublime Security	12d ago Jan 12th, 2026	BEC/Fraud Credential Phishing Spam Free email provider Social engineering Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/reconnaissance-email-address-harvesting-attempt-bb31efbc
Reconnaissance: Large unknown recipient list	Sublime Security	2mo ago Nov 24th, 2025	Reconnaissance Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/reconnaissance-large-unknown-recipient-list-24783a28
Reconnaissance: Short generic greeting message	Sublime Security	1mo ago Dec 2nd, 2025	BEC/Fraud Callback Phishing Social engineering Free email provider Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/reconnaissance-short-generic-greeting-message-c67dedab
Recruitee Infrastructure Abuse	Sublime Security	6mo ago Jul 16th, 2025	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis Whois	/feeds/core/detection-rules/recruitee-infrastructure-abuse-31cab83d
Russia return-path TLD (untrusted sender)	Sublime Security	12d ago Jan 12th, 2026	BEC/Fraud Credential Phishing Malware/Ransomware Header analysis Sender analysis	/feeds/core/detection-rules/russia-return-path-tld-untrusted-sender-588b3954
Scam: Piano giveaway	Sublime Security	1mo ago Dec 11th, 2025	BEC/Fraud Free email provider Content analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/scam-piano-giveaway-1a91a203
Self-sent fake PDF attachment with misleading link	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing Evasion Free subdomain host Social engineering Content analysis URL analysis Sender analysis	/feeds/core/detection-rules/self-sent-fake-pdf-attachment-with-misleading-link-8a285d2e
Sender name contains Active Directory distinguished name	Sublime Security	2y ago Nov 13th, 2024	Credential Phishing Sender analysis	/feeds/core/detection-rules/sender-name-contains-active-directory-distinguished-name-4f3c4901
Service abuse: Adobe Creative Cloud share from an unsolicited sender address	Sublime Security	3mo ago Oct 22nd, 2025	Credential Phishing Social engineering Free file host Evasion HTML analysis Sender analysis Header analysis	/feeds/core/detection-rules/service-abuse-adobe-creative-cloud-share-from-an-unsolicited-sender-address-47e42ca1
Service abuse: Adobe legitimate domain with document approval language	Sublime Security	1d ago Jan 23rd, 2026	BEC/Fraud Credential Phishing Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/service-abuse-adobe-legitimate-domain-with-document-approval-language-237f4da4
Service abuse: Adobe Sign notification from an unsolicited reply-to address	Sublime Security	5mo ago Aug 5th, 2025	BEC/Fraud Callback Phishing Spam Social engineering Impersonation: Brand Header analysis Sender analysis	/feeds/core/detection-rules/service-abuse-adobe-sign-notification-from-an-unsolicited-reply-to-address-d00893ba
Service Abuse: Box file sharing with credential phishing intent	Sublime Security	12d ago Jan 12th, 2026	Credential Phishing BEC/Fraud Callback Phishing Evasion Social engineering Impersonation: Employee Impersonation: VIP Content analysis Natural Language Understanding Sender analysis Header analysis	/feeds/core/detection-rules/service-abuse-box-file-sharing-with-credential-phishing-intent-5bd0cb25
Service abuse: Callback phishing via Microsoft Teams invite	Sublime Security	1mo ago Dec 12th, 2025	Callback Phishing Impersonation: Brand Out of band pivot Social engineering Content analysis URL analysis Sender analysis	/feeds/core/detection-rules/service-abuse-callback-phishing-via-microsoft-teams-invite-13e35e5f
Service abuse: Cisco secure email service with financial request	Sublime Security	3mo ago Oct 1st, 2025	BEC/Fraud Impersonation: Brand Social engineering Evasion Content analysis Header analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/service-abuse-cisco-secure-email-service-with-financial-request-43a6daa8
Service abuse: DocSend share from an unsolicited reply-to address	Sublime Security	5mo ago Aug 5th, 2025	Credential Phishing Evasion Free file host Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/service-abuse-docsend-share-from-an-unsolicited-reply-to-address-b377e64c

594 Rules

Page 10 of 12