Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jun 18th, 2025

Feed Source

GitHub

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Fake Voicemail via PDF	Sublime Security	1mo ago Apr 30th, 2025	Credential Phishing PDF QR code Social engineering Computer Vision Content analysis File analysis Optical Character Recognition QR code analysis URL analysis	/feeds/core/detection-rules/attachment-fake-voicemail-via-pdf-d3587209
Attachment: HTML smuggling - QR Code with suspicious links	Sublime Security	1y ago Apr 25th, 2024	Credential Phishing QR code Computer Vision Header analysis Natural Language Understanding QR code analysis Sender analysis URL analysis URL screenshot	/feeds/core/detection-rules/attachment-html-smuggling-qr-code-with-suspicious-links-010e757d
Attachment: QR Code Link With Base64-Encoded Recipient Address	Sublime Security	2mo ago Mar 27th, 2025	Credential Phishing QR code Image as content Social engineering Evasion PDF Macros Computer Vision File analysis Natural Language Understanding QR code analysis Sender analysis	/feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a
Attachment: QR code with credential phishing indicators	Sublime Security	2mo ago Apr 14th, 2025	Credential Phishing QR code Social engineering Computer Vision Header analysis Natural Language Understanding QR code analysis Sender analysis URL analysis URL screenshot	/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
Attachment: QR Code With Userinfo Portion	Sublime Security	3mo ago Feb 21st, 2025	Credential Phishing Malware/Ransomware Evasion Image as content PDF QR code QR code analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-qr-code-with-userinfo-portion-9d62cc5c
Attachment: SVG Files With Evasion Elements	Sublime Security	3mo ago Feb 21st, 2025	Malware/Ransomware Credential Phishing QR code Image as content Evasion File analysis XML analysis QR code analysis Sender analysis	/feeds/core/detection-rules/attachment-svg-files-with-evasion-elements-5d2dbb60
Brand impersonation: Adobe (QR code)	Sublime Security	2mo ago Mar 27th, 2025	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d
Brand impersonation: DocuSign (QR code)	Sublime Security	1y ago Jun 12th, 2024	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a
Brand Impersonation: DocuSign with embedded QR code	Sublime Security	1y ago May 2nd, 2024	Credential Phishing Evasion Image as content Impersonation: Brand QR code Computer Vision Content analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463
Brand Impersonation: Google (QR Code)	Sublime Security	1y ago Apr 3rd, 2024	Credential Phishing Impersonation: Brand PDF QR code Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-google-qr-code-7ffd184c
Brand impersonation: Microsoft (QR code)	Sublime Security	17d ago Jun 2nd, 2025	Credential Phishing Impersonation: Brand PDF QR code Social engineering Computer Vision Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a
ClickFunnels link infrastructure abuse	Sublime Security	1mo ago May 16th, 2025	Credential Phishing Free email provider Free subdomain host Social engineering Content analysis Header analysis QR code analysis Sender analysis URL analysis	/feeds/core/detection-rules/clickfunnels-link-infrastructure-abuse-9192fbe9
Compensation Review With QR Code in Attached EML	Sublime Security	2mo ago Apr 3rd, 2025	Credential Phishing QR code Social engineering Computer Vision Content analysis Optical Character Recognition QR code analysis	/feeds/core/detection-rules/compensation-review-with-qr-code-in-attached-eml-98a2f03c
Constant Contact link infrastructure abuse	Sublime Security	5mo ago Jan 11th, 2025	Credential Phishing Free email provider Open redirect Social engineering Content analysis Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/constant-contact-link-infrastructure-abuse-8c5e8e4c
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender	Sublime Security	4mo ago Feb 3rd, 2025	BEC/Fraud Free email provider PDF Social engineering QR code Content analysis File analysis QR code analysis	/feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213
Link: QR code in EML attachment with credential phishing indicators	Sublime Security	1y ago Apr 25th, 2024	Credential Phishing Evasion Open redirect QR code Computer Vision Content analysis File analysis QR code analysis	/feeds/core/detection-rules/link-qr-code-in-eml-attachment-with-credential-phishing-indicators-9908ed3a
Link: QR code with phishing disposition in img or pdf	Sublime Security	2mo ago Apr 14th, 2025	Credential Phishing QR code Social engineering Content analysis Computer Vision QR code analysis Sender analysis URL analysis	/feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6
Link: QR Code with suspicious language (untrusted sender)	Sublime Security	2mo ago Apr 14th, 2025	Credential Phishing Impersonation: Brand QR code Social engineering Content analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis	/feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c
Open redirect: typedrawers.com	Sublime Security	27d ago May 23rd, 2025	Credential Phishing Evasion Open redirect QR code Social engineering Content analysis File analysis QR code analysis Sender analysis	/feeds/core/detection-rules/open-redirect-typedrawerscom-158d9e95
QR code to auto-download of a suspicious file type (unsolicited)	Sublime Security	7mo ago Nov 20th, 2024	Malware/Ransomware Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis QR code analysis	/feeds/core/detection-rules/qr-code-to-auto-download-of-a-suspicious-file-type-unsolicited-eed87ea2
QR Code with suspicious indicators	Sublime Security	2mo ago Apr 7th, 2025	Credential Phishing QR code Social engineering Content analysis Header analysis Computer Vision Natural Language Understanding QR code analysis Sender analysis URL analysis	/feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f
Unicode QR Code	Sublime Security	3mo ago Feb 26th, 2025	Credential Phishing Evasion Content analysis Sender analysis QR code analysis	/feeds/core/detection-rules/unicode-qr-code-1a0bdd25