• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Mar 4th, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Malicious OneNote commands
@Kyle_Parrish_
1mo ago
Jan 12th, 2026
Malware/Ransomware
OneNote
Scripting
Archive analysis
Content analysis
File analysis
YARA
/feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb
Link: SharePoint OneNote or PDF link with self sender behavior
Sublime Security
6d ago
Feb 27th, 2026
Credential Phishing
Evasion
Free file host
OneNote
PDF
Header analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/link-sharepoint-onenote-or-pdf-link-with-self-sender-behavior-588e7203
Link: Uncommon SharePoint document type with sender's display name
Sublime Security
7mo ago
Aug 5th, 2025
Credential Phishing
Social engineering
OneNote
PDF
Content analysis
Header analysis
HTML analysis
URL analysis
/feeds/core/detection-rules/link-uncommon-sharepoint-document-type-with-senders-display-name-02d290b2
Sharepoint link likely unrelated to sender
Sublime Security
1mo ago
Jan 12th, 2026
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
/feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489
Suspicious SharePoint file sharing
Sublime Security
7mo ago
Aug 5th, 2025
Credential Phishing
Free email provider
Free file host
OneNote
PDF
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c
5 Rules