Sublime Core Feed

Login to Sublime

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security

Last updated Mar 21st, 2025

Feed Source

Tactic or Technique is

Rule Name & Severity	Author	Last Updated	Labels
Attachment: Archive containing HTML file with file scheme link	Sublime Security	1y ago Mar 7th, 2024	Credential Phishing Evasion Exploit HTML smuggling Social engineering Archive analysis File analysis HTML analysis	/feeds/core/detection-rules/attachment-archive-containing-html-file-with-file-scheme-link-edf6d0d9
Attachment: Archive contains DLL-loading macro	Sublime Security	2y ago Dec 28th, 2023	Malware/Ransomware Exploit LNK Macros Scripting Archive analysis File analysis Macro analysis YARA	/feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability	Sublime Security	2y ago Dec 19th, 2023	Malware/Ransomware Exploit Macros Scripting Archive analysis Content analysis File analysis Macro analysis OLE analysis	/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f
Attachment: CVE-2023-21716 - Microsoft Office Remote Code Execution Vulnerability	Sublime Security	2y ago Dec 19th, 2023	Malware/Ransomware Exploit Content analysis File analysis	/feeds/core/detection-rules/attachment-cve-2023-21716-microsoft-office-remote-code-execution-vulnerability-23714cca
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability	Sublime Security	2d ago Mar 21st, 2025	Credential Phishing Scripting Macros Exploit Archive analysis Content analysis File analysis	/feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b
Attachment: LNK with embedded content	@ajpc500	2y ago Aug 21st, 2023	Malware/Ransomware Exploit LNK Scripting Content analysis Exif analysis File analysis	/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG	Sublime Security	1y ago Feb 23rd, 2024	Malware/Ransomware Evasion Exploit HTML smuggling Scripting Content analysis HTML analysis Sender analysis	/feeds/core/detection-rules/cve-2023-5631-roundcube-webmail-xss-via-crafted-svg-8405d61b
Link: CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability	Sublime Security	1y ago Feb 15th, 2024	Malware/Ransomware Evasion Exploit URL analysis	/feeds/core/detection-rules/link-cve-2024-21413-microsoft-outlook-remote-code-execution-vulnerability-e8151426
Mass campaign: Cross Site Scripting (XSS) attempt	Sublime Security	12mo ago Mar 27th, 2024	Malware/Ransomware Spam Exploit Free email provider Scripting Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124
Open redirect: City of Calgary	Sublime Security	6mo ago Sep 11th, 2024	Credential Phishing Exploit Open redirect Social engineering Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-city-of-calgary-00321858
Outlook hyperlink bypass: left-to-right mark (LRM) in base HTML tag	Sublime Security	2y ago Aug 21st, 2023	Credential Phishing Evasion Exploit Content analysis HTML analysis URL analysis	/feeds/core/detection-rules/outlook-hyperlink-bypass-left-to-right-mark-lrm-in-base-html-tag-160cc681