Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 4th, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Last Updated
Anthropic Magic String in HTML
Sublime Security
24d ago
Feb 9th, 2026
Malware/Ransomware
Exploit
Content analysis
Malware/Ransomware
Exploit
Content analysis
/feeds/core/detection-rules/anthropic-magic-string-in-html-d860c6a8
Attachment: Archive containing HTML file with file scheme link
Sublime Security
7mo ago
Jul 16th, 2025
Credential Phishing
Evasion
Exploit
HTML smuggling
Social engineering
Archive analysis
File analysis
HTML analysis
Credential Phishing
Evasion
Exploit
HTML smuggling
Social engineering
Archive analysis
File analysis
HTML analysis
/feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9
Attachment: Archive contains DLL-loading macro
Sublime Security
3y ago
Dec 28th, 2023
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA
/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
Sublime Security
1mo ago
Jan 12th, 2026
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f
Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability
Sublime Security
1mo ago
Jan 12th, 2026
Malware/Ransomware
Exploit
Content analysis
File analysis
Malware/Ransomware
Exploit
Content analysis
File analysis
/feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability
Sublime Security
11mo ago
Mar 21st, 2025
Credential Phishing
Scripting
Macros
Exploit
Archive analysis
Content analysis
File analysis
Credential Phishing
Scripting
Macros
Exploit
Archive analysis
Content analysis
File analysis
/feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b
Attachment: LNK with embedded content
1mo ago
Jan 12th, 2026
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a
Attachment: WinRAR CVE-2025-8088 exploitation
Sublime Security
1mo ago
Jan 12th, 2026
Malware/Ransomware
Exploit
Evasion
Archive analysis
File analysis
YARA
Malware/Ransomware
Exploit
Evasion
Archive analysis
File analysis
YARA
/feeds/core/detection-rules/attachment-winrar-cve-2025-8088-exploitation-33b3a82b
Callback Phishing via Signable E-Signature Request
Sublime Security
1mo ago
Jan 12th, 2026
Callback Phishing
Exploit
Impersonation: Brand
Out of band pivot
Social engineering
Computer Vision
Content analysis
Header analysis
Sender analysis
URL analysis
Callback Phishing
Exploit
Impersonation: Brand
Out of band pivot
Social engineering
Computer Vision
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/callback-phishing-via-signable-e-signature-request-4599575d
Callback phishing via SignFree e-signature request
Sublime Security
1mo ago
Jan 12th, 2026
Callback Phishing
Exploit
Impersonation: Brand
Out of band pivot
Social engineering
Computer Vision
Content analysis
Header analysis
Sender analysis
URL analysis
Callback Phishing
Exploit
Impersonation: Brand
Out of band pivot
Social engineering
Computer Vision
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/callback-phishing-via-signfree-e-signature-request-21381c37
Callback phishing via Xodo Sign comment
Sublime Security
1mo ago
Jan 12th, 2026
Callback Phishing
Exploit
Impersonation: Brand
Out of band pivot
Social engineering
Computer Vision
Content analysis
Header analysis
Sender analysis
URL analysis
Callback Phishing
Exploit
Impersonation: Brand
Out of band pivot
Social engineering
Computer Vision
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/callback-phishing-via-xodo-sign-comment-6f722c5d
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG
Sublime Security
1mo ago
Jan 12th, 2026
Malware/Ransomware
Evasion
Exploit
HTML smuggling
Scripting
Content analysis
HTML analysis
Sender analysis
Malware/Ransomware
Evasion
Exploit
HTML smuggling
Scripting
Content analysis
HTML analysis
Sender analysis
/feeds/core/detection-rules/cve-2023-5631-roundcube-webmail-xss-via-crafted-svg-8405d61b
Link: CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability
Sublime Security
2y ago
Feb 15th, 2024
Malware/Ransomware
Evasion
Exploit
URL analysis
Malware/Ransomware
Evasion
Exploit
URL analysis
/feeds/core/detection-rules/link-cve-2024-21413-microsoft-outlook-remote-code-execution-vulnerability-e8151426
Mass campaign: Cross Site Scripting (XSS) attempt
Sublime Security
7mo ago
Jul 16th, 2025
Malware/Ransomware
Spam
Exploit
Free email provider
Scripting
Social engineering
Content analysis
Header analysis
Sender analysis
Malware/Ransomware
Spam
Exploit
Free email provider
Scripting
Social engineering
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124
Open redirect: City of Calgary
Sublime Security
9mo ago
May 23rd, 2025
Credential Phishing
Exploit
Open redirect
Social engineering
Sender analysis
URL analysis
Credential Phishing
Exploit
Open redirect
Social engineering
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-city-of-calgary-00321858
Outlook hyperlink bypass: left-to-right mark (LRM) in base HTML tag
Sublime Security
2mo ago
Dec 10th, 2025
Credential Phishing
Evasion
Exploit
Content analysis
HTML analysis
URL analysis
Credential Phishing
Evasion
Exploit
Content analysis
HTML analysis
URL analysis
/feeds/core/detection-rules/outlook-hyperlink-bypass-left-to-right-mark-lrm-in-base-html-tag-160cc681
16 Rules