Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Jan 23rd, 2026

Feed Source

GitHub

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Office file with suspicious function calls or downloaded file path	Sublime Security	11d ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting Archive analysis File analysis	/feeds/core/detection-rules/attachment-office-file-with-suspicious-function-calls-or-downloaded-file-path-4c78b969
Attachment: PowerPoint with suspicious hyperlink	Sublime Security	11d ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting Exif analysis File analysis	/feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1
Attachment: PowerShell content	@ajpc500	5mo ago Aug 5th, 2025	Malware/Ransomware Scripting Archive analysis File analysis	/feeds/core/detection-rules/attachment-powershell-content-c12566db
Attachment: SFX archive containing commands	Sublime Security	11d ago Jan 12th, 2026	Malware/Ransomware Evasion Scripting File analysis	/feeds/core/detection-rules/attachment-sfx-archive-containing-commands-343e6c8c
Attachment: SVG file execution	Sublime Security	5mo ago Aug 8th, 2025	Malware/Ransomware Scripting Archive analysis Content analysis File analysis	/feeds/core/detection-rules/attachment-svg-file-execution-084b0cde
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG	Sublime Security	11d ago Jan 12th, 2026	Malware/Ransomware Evasion Exploit HTML smuggling Scripting Content analysis HTML analysis Sender analysis	/feeds/core/detection-rules/cve-2023-5631-roundcube-webmail-xss-via-crafted-svg-8405d61b
HTML: Bidirectional (BIDI) HTML override with right to left obfuscation	Sublime Security	3mo ago Oct 17th, 2025	BEC/Fraud Credential Phishing Evasion Social engineering Scripting Content analysis HTML analysis	/feeds/core/detection-rules/html-bidirectional-bidi-html-override-with-right-to-left-obfuscation-f93940d2
HTML smuggling containing recipient email address	Sublime Security	2mo ago Nov 4th, 2025	Credential Phishing Malware/Ransomware Evasion HTML smuggling Scripting Archive analysis File analysis Sender analysis	/feeds/core/detection-rules/html-smuggling-containing-recipient-email-address-af32ff2f
Link: Cryptocurrency fraud with suspicious links	Sublime Security	1mo ago Dec 1st, 2025	BEC/Fraud Social engineering Evasion Free subdomain host Scripting Content analysis Header analysis Javascript analysis Natural Language Understanding Sender analysis URL analysis URL screenshot Whois	/feeds/core/detection-rules/link-cryptocurrency-fraud-with-suspicious-links-d0da37ce
Mass campaign: Cross Site Scripting (XSS) attempt	Sublime Security	6mo ago Jul 16th, 2025	Malware/Ransomware Spam Exploit Free email provider Scripting Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124
Suspected cross-site scripting (XSS) found in subject	Sublime Security	4mo ago Sep 4th, 2025	Credential Phishing Evasion Scripting Content analysis Sender analysis	/feeds/core/detection-rules/suspected-cross-site-scripting-xss-found-in-subject-8a946cfa
Suspected WordPress abuse with cross-site scripting (XSS) indicators	Sublime Security	5mo ago Aug 5th, 2025	Malware/Ransomware Credential Phishing Scripting Impersonation: Brand Social engineering Content analysis Sender analysis	/feeds/core/detection-rules/suspected-wordpress-abuse-with-cross-site-scripting-xss-indicators-9c21225b

62 Rules

Page 2 of 2