Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Apr 21st, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Last Updated
Attachment: Malicious OneNote commands
@Kyle_Parrish_
3mo ago
Jan 12th, 2026
Malware/Ransomware
OneNote
Scripting
Archive analysis
Content analysis
File analysis
YARA
Malware/Ransomware
OneNote
Scripting
Archive analysis
Content analysis
File analysis
YARA
Link: SharePoint OneNote or PDF link with self sender behavior
Sublime Security
1mo ago
Feb 27th, 2026
Credential Phishing
Evasion
Free file host
OneNote
PDF
Header analysis
URL analysis
Sender analysis
Credential Phishing
Evasion
Free file host
OneNote
PDF
Header analysis
URL analysis
Sender analysis
Link: Uncommon SharePoint document type with sender's display name
Sublime Security
8mo ago
Aug 5th, 2025
Credential Phishing
Social engineering
OneNote
PDF
Content analysis
Header analysis
HTML analysis
URL analysis
Credential Phishing
Social engineering
OneNote
PDF
Content analysis
Header analysis
HTML analysis
URL analysis
Sharepoint link likely unrelated to sender
Sublime Security
3mo ago
Jan 12th, 2026
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
Suspicious SharePoint file sharing
Sublime Security
8mo ago
Aug 5th, 2025
Credential Phishing
Free email provider
Free file host
OneNote
PDF
Content analysis
Header analysis
Sender analysis
URL analysis
Credential Phishing
Free email provider
Free file host
OneNote
PDF
Content analysis
Header analysis
Sender analysis
URL analysis
5 Rules