Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Dec 26th, 2025
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Last Updated
Attachment: Malicious OneNote commands
@Kyle_Parrish_
5mo ago
Aug 5th, 2025
Malware/Ransomware
OneNote
Scripting
Archive analysis
Content analysis
File analysis
YARA
Malware/Ransomware
OneNote
Scripting
Archive analysis
Content analysis
File analysis
YARA
/feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb
Link: Uncommon SharePoint document type with sender's display name
Sublime Security
5mo ago
Aug 5th, 2025
Credential Phishing
Social engineering
OneNote
PDF
Content analysis
Header analysis
HTML analysis
URL analysis
Credential Phishing
Social engineering
OneNote
PDF
Content analysis
Header analysis
HTML analysis
URL analysis
/feeds/core/detection-rules/link-uncommon-sharepoint-document-type-with-senders-display-name-02d290b2
Sharepoint link likely unrelated to sender
Sublime Security
3mo ago
Sep 19th, 2025
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
/feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489
Suspicious SharePoint file sharing
Sublime Security
5mo ago
Aug 5th, 2025
Credential Phishing
Free email provider
Free file host
OneNote
PDF
Content analysis
Header analysis
Sender analysis
URL analysis
Credential Phishing
Free email provider
Free file host
OneNote
PDF
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c
4 Rules