Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated May 15th, 2024

Feed Source

Detection Method is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Archive contains DLL-loading macro	Sublime Security	5 months ago Dec 28th, 2023	Malware/Ransomware Exploit LNK Macros Scripting Archive analysis File analysis Macro analysis YARA	/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: Archive with embedded EXE file	Sublime Security	3 months ago Feb 27th, 2024	Malware/Ransomware Evasion Archive analysis File analysis YARA	/feeds/core/detection-rules/attachment-archive-with-embedded-exe-file-e2b0ad86
Attachment: DocX embedded Binary	Sublime Security	2 months ago Mar 26th, 2024	Malware/Ransomware Evasion Archive analysis Content analysis YARA	/feeds/core/detection-rules/attachment-docx-embedded-binary-feff0241
Attachment: HTML file with excessive padding and suspicious patterns	Sublime Security	9 months ago Aug 21st, 2023	Credential Phishing Malware/Ransomware Evasion HTML smuggling File analysis HTML analysis YARA	/feeds/core/detection-rules/attachment-html-file-with-excessive-padding-and-suspicious-patterns-0a6aee1e
Attachment: HTML file with reference to recipient and suspicious patterns	Sublime Security	12 days ago May 3rd, 2024	Credential Phishing HTML smuggling Scripting Content analysis File analysis HTML analysis Javascript analysis YARA	/feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d
Attachment: HTML smuggling with embedded base64-encoded executable	Sublime Security	2 months ago Mar 25th, 2024	Malware/Ransomware Evasion HTML smuggling Archive analysis File analysis HTML analysis YARA	/feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-encoded-executable-b00c4527
Attachment: JavaScript file with suspicious base64-encoded executable	Sublime Security	a month ago Apr 1st, 2024	Malware/Ransomware Evasion Scripting Archive analysis File analysis YARA	/feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3
Attachment: Malicious OneNote Commands	@Kyle_Parrish_	9 months ago Aug 21st, 2023	Malware/Ransomware OneNote Scripting Archive analysis Content analysis File analysis YARA	/feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb
Attachment: RTF with embedded content	@amitchell516	3 months ago Feb 26th, 2024	Malware/Ransomware Evasion File analysis YARA	/feeds/core/detection-rules/attachment-rtf-with-embedded-content-61dd2dd7
Attachment with unscannable encrypted zip (unsolicited)	Sublime Security	6 months ago Nov 1st, 2023	Malware/Ransomware Encryption Evasion Archive analysis File analysis Sender analysis YARA	/feeds/core/detection-rules/attachment-with-unscannable-encrypted-zip-unsolicited-529d4a9a
Link to auto-downloaded disk image in encrypted zip	@ajpc500	20 days ago Apr 25th, 2024	Malware/Ransomware Encryption Evasion Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-downloaded-disk-image-in-encrypted-zip-b50f0cb1
Link to auto-downloaded DMG in encrypted zip	Sublime Security	20 days ago Apr 25th, 2024	Malware/Ransomware Encryption Evasion Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-encrypted-zip-43af98d3
Link to auto-download of a suspicious file type (unsolicited)	Sublime Security	6 days ago May 9th, 2024	Malware/Ransomware Encryption Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152

13 Rules