Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Feb 12th, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Suspicious attachment: Duplicate decoy PDF files	Sublime Security	6mo ago Aug 5th, 2025	Credential Phishing Evasion PDF File analysis Optical Character Recognition	/feeds/core/detection-rules/suspicious-attachment-duplicate-decoy-pdf-files-79b9b2e7
Suspicious attachment with unscannable Cloudflare link	Sublime Security	1mo ago Jan 12th, 2026	Credential Phishing Evasion PDF Social engineering Impersonation: Employee Impersonation: VIP File analysis URL analysis Sender analysis Content analysis Header analysis Natural Language Understanding	/feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f
Suspicious SharePoint file sharing	Sublime Security	6mo ago Aug 5th, 2025	Credential Phishing Free email provider Free file host OneNote PDF Content analysis Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c
URLhaus: Malicious domain in message body or pdf attachment (trusted reporters)	Sublime Security	1mo ago Jan 12th, 2026	Credential Phishing Malware/Ransomware PDF File analysis Threat intelligence URL analysis	/feeds/core/detection-rules/urlhaus-malicious-domain-in-message-body-or-pdf-attachment-trusted-reporters-cfca2986

54 Rules

Page 2 of 2