Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Archive contains DLL-loading macro | Sublime Security | 3y ago Dec 28th, 2023 | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f | |
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability | Sublime Security | 3y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f | |
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability | Sublime Security | 9mo ago Mar 21st, 2025 | /feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b | |
Attachment: Encrypted Microsoft Office file (unsolicited) | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953 | |
Attachment: Excel file with suspicious template identifier | Sublime Security | 3mo ago Sep 17th, 2025 | /feeds/core/detection-rules/attachment-excel-file-with-suspicious-template-identifier-40f84b4b | |
Attachment: Macro files containing MHT content | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-macro-files-containing-mht-content-4d54e40b | |
Attachment: Macro with suspected use of COM ShellBrowserWindow object for process creation | @ajpc500 | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0 | |
Attachment: Potential sandbox evasion in Office file | @ajpc500 | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-potential-sandbox-evasion-in-office-file-1c591681 | |
Attachment: QR code link with base64-encoded recipient address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a | |
Attachment soliciting user to enable macros | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-soliciting-user-to-enable-macros-e9d75515 | |
Attachment: USDA bid invitation impersonation | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/attachment-usda-bid-invitation-impersonation-34eb9493 | |
Attachment with auto-executing macro (unsolicited) | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3 | |
Attachment with auto-opening VBA macro (unsolicited) | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-auto-opening-vba-macro-unsolicited-d48b3e53 | |
Attachment with high risk VBA macro (unsolicited) | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-high-risk-vba-macro-unsolicited-a2b20e16 | |
Attachment with macro calling executable | Sublime Security | 3y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-macro-calling-executable-5ee6a197 | |
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
Attachment: XLSX file with suspicious print titles metadata | Sublime Security | 3mo ago Sep 16th, 2025 | /feeds/core/detection-rules/attachment-xlsx-file-with-suspicious-print-titles-metadata-4c265cbe | |
Suspicious VBA macros from untrusted sender | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-vba-macros-from-untrusted-sender-37cec120 |