• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Jun 30th, 2025
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Archive contains DLL-loading macro
Sublime Security
2y ago
Dec 28th, 2023
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA
/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: Link file with UNC path
Sublime Security
2y ago
Aug 21st, 2023
Credential Phishing
Evasion
LNK
File analysis
/feeds/core/detection-rules/attachment-link-file-with-unc-path-3b7ee0fb
Attachment: LNK file
@ajpc500
2y ago
Aug 21st, 2023
Malware/Ransomware
LNK
Archive analysis
File analysis
/feeds/core/detection-rules/attachment-lnk-file-44532abe
Attachment: LNK with embedded content
@ajpc500
2y ago
Aug 21st, 2023
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a
Link to auto-download of a suspicious file type (unsolicited)
Sublime Security
3mo ago
Mar 5th, 2025
Malware/Ransomware
Encryption
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
/feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152
QR code to auto-download of a suspicious file type (unsolicited)
Sublime Security
7mo ago
Nov 20th, 2024
Malware/Ransomware
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
QR code analysis
/feeds/core/detection-rules/qr-code-to-auto-download-of-a-suspicious-file-type-unsolicited-eed87ea2
6 Rules