• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Jan 23rd, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Archive contains DLL-loading macro
Sublime Security
3y ago
Dec 28th, 2023
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA
/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: Link file with UNC path
Sublime Security
11d ago
Jan 12th, 2026
Credential Phishing
Evasion
LNK
File analysis
/feeds/core/detection-rules/attachment-link-file-with-unc-path-3b7ee0fb
Attachment: LNK file
@ajpc500
3y ago
Aug 21st, 2023
Malware/Ransomware
LNK
Archive analysis
File analysis
/feeds/core/detection-rules/attachment-lnk-file-44532abe
Attachment: LNK with embedded content
@ajpc500
11d ago
Jan 12th, 2026
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a
Link to auto-download of a suspicious file type (unsolicited)
Sublime Security
11d ago
Jan 12th, 2026
Malware/Ransomware
Encryption
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
/feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152
QR code to auto-download of a suspicious file type (unsolicited)
Sublime Security
3mo ago
Oct 17th, 2025
Malware/Ransomware
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
QR code analysis
/feeds/core/detection-rules/qr-code-to-auto-download-of-a-suspicious-file-type-unsolicited-eed87ea2
6 Rules