Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Apr 21st, 2026
Feed Source
GitHub
Detection Method is
Rule Name & Severity
Last Updated
Attachment: PDF Object Hash - Encrypted PDFs with fake payment notification
Sublime Security
1mo ago
Mar 2nd, 2026
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Brand impersonation: ukr[.]net
Sublime Security
3y ago
Aug 21st, 2023
Credential Phishing
Impersonation: Brand
Social engineering
Sender analysis
Threat intelligence
Credential Phishing
Impersonation: Brand
Social engineering
Sender analysis
Threat intelligence
Link: 9WOLF phishkit initial landing URI
Sublime Security
2mo ago
Jan 30th, 2026
Malware/Ransomware
Evasion
URL analysis
Threat intelligence
Malware/Ransomware
Evasion
URL analysis
Threat intelligence
Link: Landing page with search-ms protocol redirect
Sublime Security
15d ago
Apr 7th, 2026
Malware/Ransomware
Evasion
Scripting
URL analysis
Threat intelligence
Malware/Ransomware
Evasion
Scripting
URL analysis
Threat intelligence
Link: URL redirecting to blob URL
Sublime Security
1mo ago
Feb 24th, 2026
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Open redirect
Sender analysis
URL analysis
Threat intelligence
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Open redirect
Sender analysis
URL analysis
Threat intelligence
MalwareBazaar: Malicious attachment hash in archive (trusted reporters)
Sublime Security
9mo ago
Jul 16th, 2025
Malware/Ransomware
Evasion
Archive analysis
File analysis
Sender analysis
Threat intelligence
Malware/Ransomware
Evasion
Archive analysis
File analysis
Sender analysis
Threat intelligence
MalwareBazaar: Malicious attachment hash (trusted reporters)
Sublime Security
27d ago
Mar 26th, 2026
Malware/Ransomware
File analysis
Sender analysis
Threat intelligence
Malware/Ransomware
File analysis
Sender analysis
Threat intelligence
Malware: Pikabot delivery via URL auto-download
Sublime Security
2y ago
Apr 25th, 2024
Malware/Ransomware
Evasion
Archive analysis
File analysis
Threat intelligence
URL analysis
Malware/Ransomware
Evasion
Archive analysis
File analysis
Threat intelligence
URL analysis
Service abuse: Google OAuth with suspicious redirect destination
Sublime Security
1mo ago
Mar 12th, 2026
Credential Phishing
Evasion
Free file host
Free subdomain host
Open redirect
Social engineering
URL analysis
Threat intelligence
Credential Phishing
Evasion
Free file host
Free subdomain host
Open redirect
Social engineering
URL analysis
Threat intelligence
URLhaus: Malicious domain in message body or pdf attachment (trusted reporters)
Sublime Security
3mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
PDF
File analysis
Threat intelligence
URL analysis
Credential Phishing
Malware/Ransomware
PDF
File analysis
Threat intelligence
URL analysis
10 Rules