Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 24th, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Microsoft impersonation via PDF with link and suspicious language	Sublime Security	9mo ago Jul 16th, 2025	Credential Phishing Malware/Ransomware Image as content Impersonation: Brand PDF Scripting Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Sender analysis
Attachment: Office document with VSTO add-in	@vector_sec	3mo ago Jan 12th, 2026	Malware/Ransomware Scripting Archive analysis Content analysis Exif analysis File analysis Sender analysis URL analysis
Attachment: Office file with suspicious function calls or downloaded file path	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting Archive analysis File analysis
Attachment: PowerPoint with suspicious hyperlink	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting Exif analysis File analysis
Attachment: PowerShell content	@ajpc500	8mo ago Aug 5th, 2025	Malware/Ransomware Scripting Archive analysis File analysis
Attachment: SFX archive containing commands	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting File analysis
Attachment: SVG file execution	Sublime Security	8mo ago Aug 8th, 2025	Malware/Ransomware Scripting Archive analysis Content analysis File analysis
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG	Sublime Security	3mo ago Jan 12th, 2026	Malware/Ransomware Evasion Exploit HTML smuggling Scripting Content analysis HTML analysis Sender analysis
HTML: Bidirectional (BIDI) HTML override with right to left obfuscation	Sublime Security	6mo ago Oct 17th, 2025	BEC/Fraud Credential Phishing Evasion Social engineering Scripting Content analysis HTML analysis
HTML smuggling containing recipient email address	Sublime Security	5mo ago Nov 4th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis File analysis Sender analysis
Link: Cryptocurrency fraud with suspicious links	Sublime Security	4mo ago Dec 1st, 2025	BEC/Fraud Social engineering Evasion Free subdomain host Scripting Content analysis Header analysis Javascript analysis Natural Language Understanding Sender analysis URL analysis URL screenshot Whois
Link: JavaScript obfuscation with Telegram bot integration	Sublime Security	1mo ago Feb 25th, 2026	Credential Phishing Evasion Scripting Content analysis Javascript analysis URL analysis
Link: Landing page with search-ms protocol redirect	Sublime Security	17d ago Apr 7th, 2026	Malware/Ransomware Evasion Scripting URL analysis Threat intelligence
Mass campaign: Cross Site Scripting (XSS) attempt	Sublime Security	9mo ago Jul 16th, 2025	Malware/Ransomware Spam Exploit Free email provider Scripting Social engineering Content analysis Header analysis Sender analysis
Suspected cross-site scripting (XSS) found in subject	Sublime Security	7mo ago Sep 4th, 2025	Credential Phishing Evasion Scripting Content analysis Sender analysis
Suspected WordPress abuse with cross-site scripting (XSS) indicators	Sublime Security	8mo ago Aug 5th, 2025	Malware/Ransomware Credential Phishing Scripting Impersonation: Brand Social engineering Content analysis Sender analysis

66 Rules

Page 2 of 2