Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 4th, 2026
Feed Source
GitHub
Detection Method is
Rule Name & Severity
Last Updated
Attachment: PDF Object Hash - Encrypted PDFs with fake payment notification
Sublime Security
3d ago
Mar 2nd, 2026
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
/feeds/core/detection-rules/attachment-pdf-object-hash-encrypted-pdfs-with-fake-payment-notification-a8a19bae
Brand impersonation: ukr[.]net
Sublime Security
3y ago
Aug 21st, 2023
Credential Phishing
Impersonation: Brand
Social engineering
Sender analysis
Threat intelligence
Credential Phishing
Impersonation: Brand
Social engineering
Sender analysis
Threat intelligence
/feeds/core/detection-rules/brand-impersonation-ukrnet-3cb4015f
Link: 9WOLF phishkit initial landing URI
Sublime Security
1mo ago
Jan 30th, 2026
Malware/Ransomware
Evasion
URL analysis
Threat intelligence
Malware/Ransomware
Evasion
URL analysis
Threat intelligence
/feeds/core/detection-rules/link-9wolf-phishkit-initial-landing-uri-a165e206
Link: URL redirecting to blob URL
Sublime Security
9d ago
Feb 24th, 2026
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Open redirect
Sender analysis
URL analysis
Threat intelligence
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Open redirect
Sender analysis
URL analysis
Threat intelligence
/feeds/core/detection-rules/link-url-redirecting-to-blob-url-1677135b
MalwareBazaar: Malicious attachment hash in archive (trusted reporters)
Sublime Security
7mo ago
Jul 16th, 2025
Malware/Ransomware
Evasion
Archive analysis
File analysis
Sender analysis
Threat intelligence
Malware/Ransomware
Evasion
Archive analysis
File analysis
Sender analysis
Threat intelligence
/feeds/core/detection-rules/malwarebazaar-malicious-attachment-hash-in-archive-trusted-reporters-9d734281
MalwareBazaar: Malicious attachment hash (trusted reporters)
Sublime Security
1mo ago
Jan 12th, 2026
Malware/Ransomware
File analysis
Sender analysis
Threat intelligence
Malware/Ransomware
File analysis
Sender analysis
Threat intelligence
/feeds/core/detection-rules/malwarebazaar-malicious-attachment-hash-trusted-reporters-5b5c9c3e
Malware: Pikabot delivery via URL auto-download
Sublime Security
2y ago
Apr 25th, 2024
Malware/Ransomware
Evasion
Archive analysis
File analysis
Threat intelligence
URL analysis
Malware/Ransomware
Evasion
Archive analysis
File analysis
Threat intelligence
URL analysis
/feeds/core/detection-rules/malware-pikabot-delivery-via-url-auto-download-f4be4572
URLhaus: Malicious domain in message body or pdf attachment (trusted reporters)
Sublime Security
1mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
PDF
File analysis
Threat intelligence
URL analysis
Credential Phishing
Malware/Ransomware
PDF
File analysis
Threat intelligence
URL analysis
/feeds/core/detection-rules/urlhaus-malicious-domain-in-message-body-or-pdf-attachment-trusted-reporters-cfca2986
8 Rules