• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Dec 26th, 2025
Feed Source
GitHub
Detection Method is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Archive contains DLL-loading macro
Sublime Security
3y ago
Dec 28th, 2023
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA
/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
Sublime Security
3y ago
Dec 19th, 2023
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f
Attachment: Macro files containing MHT content
Sublime Security
5mo ago
Aug 5th, 2025
Malware/Ransomware
Credential Phishing
Evasion
Macros
Scripting
Archive analysis
File analysis
Macro analysis
/feeds/core/detection-rules/attachment-macro-files-containing-mht-content-4d54e40b
Attachment: Macro with suspected use of COM ShellBrowserWindow object for process creation
@ajpc500
5mo ago
Aug 5th, 2025
Malware/Ransomware
Macros
Scripting
Content analysis
File analysis
Macro analysis
/feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0
Attachment: Office file with document sharing and browser instruction lures
Sublime Security
2mo ago
Oct 16th, 2025
Credential Phishing
Social engineering
Evasion
Archive analysis
File analysis
Macro analysis
Optical Character Recognition
Content analysis
/feeds/core/detection-rules/attachment-office-file-with-document-sharing-and-browser-instruction-lures-b1250a4b
Attachment: Potential sandbox evasion in Office file
@ajpc500
5mo ago
Aug 5th, 2025
Malware/Ransomware
Evasion
Macros
File analysis
Macro analysis
/feeds/core/detection-rules/attachment-potential-sandbox-evasion-in-office-file-1c591681
Attachment soliciting user to enable macros
Sublime Security
5mo ago
Jul 16th, 2025
Malware/Ransomware
Macros
Archive analysis
File analysis
Macro analysis
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/attachment-soliciting-user-to-enable-macros-e9d75515
Attachment with auto-executing macro (unsolicited)
Sublime Security
5mo ago
Jul 16th, 2025
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
/feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3
Attachment with auto-opening VBA macro (unsolicited)
Sublime Security
5mo ago
Jul 16th, 2025
Malware/Ransomware
Macros
Archive analysis
File analysis
Macro analysis
Sender analysis
/feeds/core/detection-rules/attachment-with-auto-opening-vba-macro-unsolicited-d48b3e53
Attachment with high risk VBA macro (unsolicited)
Sublime Security
5mo ago
Jul 16th, 2025
Malware/Ransomware
Macros
File analysis
Macro analysis
OLE analysis
Sender analysis
/feeds/core/detection-rules/attachment-with-high-risk-vba-macro-unsolicited-a2b20e16
Attachment with VBA macros from employee impersonation (unsolicited)
Sublime Security
5mo ago
Jul 16th, 2025
Malware/Ransomware
Impersonation: Employee
Macros
Social engineering
Archive analysis
File analysis
Macro analysis
Sender analysis
/feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123
Suspicious VBA macros from untrusted sender
Sublime Security
5mo ago
Jul 16th, 2025
Malware/Ransomware
Macros
File analysis
Macro analysis
Sender analysis
/feeds/core/detection-rules/suspicious-vba-macros-from-untrusted-sender-37cec120
12 Rules