• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Mar 12th, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Archive contains DLL-loading macro
Sublime Security
3y ago
Dec 28th, 2023
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA
Attachment: Link file with UNC path
Sublime Security
1mo ago
Jan 12th, 2026
Credential Phishing
Evasion
LNK
File analysis
Attachment: LNK file
@ajpc500
3y ago
Aug 21st, 2023
Malware/Ransomware
LNK
Archive analysis
File analysis
Attachment: LNK with embedded content
@ajpc500
1mo ago
Jan 12th, 2026
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
Link to auto-download of a suspicious file type (unsolicited)
Sublime Security
1mo ago
Jan 12th, 2026
Malware/Ransomware
Encryption
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
QR code to auto-download of a suspicious file type (unsolicited)
Sublime Security
4mo ago
Oct 17th, 2025
Malware/Ransomware
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
QR code analysis
6 Rules