Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Apr 21st, 2026
Feed Source
GitHub
Detection Method is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
Attachment: Encrypted Microsoft Office file (unsolicited)
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Attachment: Office file contains OLE relationship to credential phishing page
Sublime Security
3mo ago
Jan 12th, 2026
Credential Phishing
Evasion
Social engineering
File analysis
HTML analysis
Natural Language Understanding
OLE analysis
URL analysis
Attachment: OLE external relationship containing file scheme link to executable filetype
Sublime Security
4mo ago
Nov 24th, 2025
Malware/Ransomware
Evasion
Archive analysis
Content analysis
OLE analysis
Sender analysis
Attachment: OLE external relationship containing file scheme link to IP address
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Evasion
Archive analysis
Content analysis
OLE analysis
Sender analysis
Attachment with auto-executing macro (unsolicited)
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
Attachment with high risk VBA macro (unsolicited)
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
File analysis
Macro analysis
OLE analysis
Sender analysis
7 Rules