Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Apr 21st, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Archive contains DLL-loading macro
Sublime Security
3y ago
Dec 28th, 2023
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability
Sublime Security
1y ago
Mar 21st, 2025
Credential Phishing
Scripting
Macros
Exploit
Archive analysis
Content analysis
File analysis
Attachment: Encrypted Microsoft Office file (unsolicited)
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Attachment: Excel file with document sharing lure created by Go Excelize
Sublime Security
2mo ago
Jan 29th, 2026
Credential Phishing
Macros
Social engineering
File analysis
Macro analysis
Content analysis
Exif analysis
Attachment: Excel file with suspicious template identifier
Sublime Security
3mo ago
Jan 12th, 2026
Credential Phishing
Evasion
Macros
Exif analysis
File analysis
Attachment: Macro files containing MHT content
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Credential Phishing
Evasion
Macros
Scripting
Archive analysis
File analysis
Macro analysis
Attachment: Macro with suspected use of COM ShellBrowserWindow object for process creation
@ajpc500
3mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
Scripting
Content analysis
File analysis
Macro analysis
Attachment: Potential sandbox evasion in Office file
@ajpc500
3mo ago
Jan 12th, 2026
Malware/Ransomware
Evasion
Macros
File analysis
Macro analysis
Attachment: QR code link with base64-encoded recipient address
Sublime Security
3mo ago
Jan 12th, 2026
Credential Phishing
QR code
Image as content
Social engineering
Evasion
PDF
Macros
Computer Vision
File analysis
Natural Language Understanding
QR code analysis
Sender analysis
Attachment soliciting user to enable macros
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
Archive analysis
File analysis
Macro analysis
Optical Character Recognition
Sender analysis
Attachment: USDA bid invitation impersonation
Sublime Security
8mo ago
Aug 5th, 2025
BEC/Fraud
Impersonation: Brand
PDF
Macros
Social engineering
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Attachment with auto-executing macro (unsolicited)
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
Attachment with auto-opening VBA macro (unsolicited)
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
Archive analysis
File analysis
Macro analysis
Sender analysis
Attachment with high risk VBA macro (unsolicited)
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
File analysis
Macro analysis
OLE analysis
Sender analysis
Attachment with macro calling executable
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Evasion
Macros
Archive analysis
File analysis
Attachment with VBA macros from employee impersonation (unsolicited)
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Impersonation: Employee
Macros
Social engineering
Archive analysis
File analysis
Macro analysis
Sender analysis
Attachment: XLSX file with suspicious print titles metadata
Sublime Security
7mo ago
Sep 16th, 2025
Credential Phishing
Evasion
Macros
File analysis
Exif analysis
Suspicious VBA macros from untrusted sender
Sublime Security
3mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
File analysis
Macro analysis
Sender analysis
19 Rules