Sublime Core Feed

Login to Sublime

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 21st, 2025

Feed Source

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Archive contains DLL-loading macro	Sublime Security	2y ago Dec 28th, 2023	Malware/Ransomware Exploit LNK Macros Scripting Archive analysis File analysis Macro analysis YARA	/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability	Sublime Security	2y ago Dec 19th, 2023	Malware/Ransomware Exploit Macros Scripting Archive analysis Content analysis File analysis Macro analysis OLE analysis	/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f
Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation	@ajpc500	2y ago Dec 19th, 2023	Malware/Ransomware Macros Scripting Content analysis File analysis Macro analysis	/feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0
Attachment: Potential Sandbox Evasion in Office File	@ajpc500	2y ago Dec 19th, 2023	Malware/Ransomware Evasion Macros File analysis Macro analysis	/feeds/core/detection-rules/attachment-potential-sandbox-evasion-in-office-file-1c591681
Attachment soliciting user to enable macros	Sublime Security	2y ago Dec 19th, 2023	Malware/Ransomware Macros Archive analysis File analysis Macro analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-soliciting-user-to-enable-macros-e9d75515
Attachment with auto-executing macro (unsolicited)	Sublime Security	2y ago Dec 19th, 2023	Malware/Ransomware Macros Archive analysis Header analysis File analysis Macro analysis OLE analysis Sender analysis	/feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3
Attachment with auto-opening VBA macro (unsolicited)	Sublime Security	2y ago Dec 19th, 2023	Malware/Ransomware Macros Archive analysis File analysis Macro analysis Sender analysis	/feeds/core/detection-rules/attachment-with-auto-opening-vba-macro-unsolicited-d48b3e53
Attachment with high risk VBA macro (unsolicited)	Sublime Security	2y ago Dec 19th, 2023	Malware/Ransomware Macros File analysis Macro analysis OLE analysis Sender analysis	/feeds/core/detection-rules/attachment-with-high-risk-vba-macro-unsolicited-a2b20e16
Attachment with VBA macros from employee impersonation (unsolicited)	Sublime Security	1y ago Feb 26th, 2024	Malware/Ransomware Impersonation: Employee Macros Social engineering Archive analysis File analysis Macro analysis Sender analysis	/feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123
Suspicious VBA macros from untrusted sender	Sublime Security	1y ago Feb 23rd, 2024	Malware/Ransomware Macros File analysis Macro analysis Sender analysis	/feeds/core/detection-rules/suspicious-vba-macros-from-untrusted-sender-37cec120