• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Dec 26th, 2025
Feed Source
GitHub
Detection Method is
Rule Name & Severity
Author
Last Updated
Labels
Brand impersonation: ukr[.]net
Sublime Security
3y ago
Aug 21st, 2023
Credential Phishing
Impersonation: Brand
Social engineering
Sender analysis
Threat intelligence
/feeds/core/detection-rules/brand-impersonation-ukrnet-3cb4015f
MalwareBazaar: Malicious attachment hash in archive (trusted reporters)
Sublime Security
5mo ago
Jul 16th, 2025
Malware/Ransomware
Evasion
Archive analysis
File analysis
Sender analysis
Threat intelligence
/feeds/core/detection-rules/malwarebazaar-malicious-attachment-hash-in-archive-trusted-reporters-9d734281
MalwareBazaar: Malicious attachment hash (trusted reporters)
Sublime Security
5mo ago
Jul 16th, 2025
Malware/Ransomware
File analysis
Sender analysis
Threat intelligence
/feeds/core/detection-rules/malwarebazaar-malicious-attachment-hash-trusted-reporters-5b5c9c3e
Malware: Pikabot delivery via URL auto-download
Sublime Security
2y ago
Apr 25th, 2024
Malware/Ransomware
Evasion
Archive analysis
File analysis
Threat intelligence
URL analysis
/feeds/core/detection-rules/malware-pikabot-delivery-via-url-auto-download-f4be4572
URLhaus: Malicious domain in message body or pdf attachment (trusted reporters)
Sublime Security
3y ago
Nov 18th, 2023
Credential Phishing
Malware/Ransomware
PDF
File analysis
Threat intelligence
URL analysis
/feeds/core/detection-rules/urlhaus-malicious-domain-in-message-body-or-pdf-attachment-trusted-reporters-cfca2986
5 Rules