Sublime Core Feed

Login to Sublime

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Apr 28th, 2025

Feed Source

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Archive contains DLL-loading macro	Sublime Security	2y ago Dec 28th, 2023	Malware/Ransomware Exploit LNK Macros Scripting Archive analysis File analysis Macro analysis YARA	/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: Archive with embedded EXE file	Sublime Security	1y ago Feb 27th, 2024	Malware/Ransomware Evasion Archive analysis File analysis YARA	/feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86
Attachment: DocX embedded Binary	Sublime Security	1y ago Mar 26th, 2024	Malware/Ransomware Evasion Archive analysis Content analysis YARA	/feeds/core/detection-rules/attachment-docx-embedded-binary-feff0241
Attachment: HTML file with excessive padding and suspicious patterns	Sublime Security	2y ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling File analysis HTML analysis YARA	/feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e
Attachment: HTML file with reference to recipient and suspicious patterns	Sublime Security	12mo ago May 3rd, 2024	Credential Phishing HTML smuggling Scripting Content analysis File analysis HTML analysis Javascript analysis YARA	/feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d
Attachment: HTML smuggling with embedded base64-encoded executable	Sublime Security	1y ago Mar 25th, 2024	Malware/Ransomware Evasion HTML smuggling Archive analysis File analysis HTML analysis YARA	/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527
Attachment: JavaScript file with suspicious base64-encoded executable	Sublime Security	1y ago Apr 1st, 2024	Malware/Ransomware Evasion Scripting Archive analysis File analysis YARA	/feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3
Attachment: Malformed OLE file	Sublime Security	5mo ago Nov 25th, 2024	Credential Phishing Malware/Ransomware Evasion File analysis YARA	/feeds/core/detection-rules/attachment-malformed-ole-file-5aadc68f
Attachment: Malicious OneNote Commands	@Kyle_Parrish_	2y ago Aug 21st, 2023	Malware/Ransomware OneNote Scripting Archive analysis Content analysis File analysis YARA	/feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb
Attachment: RTF with embedded content	@amitchell516	1y ago Feb 26th, 2024	Malware/Ransomware Evasion File analysis YARA	/feeds/core/detection-rules/attachment-rtf-with-embedded-content-61dd2dd7
Attachment with unscannable encrypted zip (unsolicited)	Sublime Security	2y ago Nov 1st, 2023	Malware/Ransomware Encryption Evasion Archive analysis File analysis Sender analysis YARA	/feeds/core/detection-rules/attachment-with-unscannable-encrypted-zip-unsolicited-529d4a9a
Link to auto-downloaded disk image in encrypted zip	@ajpc500	1y ago Apr 25th, 2024	Malware/Ransomware Encryption Evasion Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-downloaded-disk-image-in-encrypted-zip-b50f0cb1
Link to auto-downloaded DMG in encrypted zip	Sublime Security	1y ago Apr 25th, 2024	Malware/Ransomware Encryption Evasion Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-encrypted-zip-43af98d3
Link to auto-download of a suspicious file type (unsolicited)	Sublime Security	1mo ago Mar 5th, 2025	Malware/Ransomware Encryption Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152