Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Jul 17th, 2025
Feed Source
Tactic or Technique is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Archive contains DLL-loading macro | Sublime Security | 2y ago Dec 28th, 2023 | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f | |
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f | |
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability | Sublime Security | 4mo ago Mar 21st, 2025 | /feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b | |
Attachment: Encrypted Microsoft Office file (unsolicited) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953 | |
Attachment: Macro Files Containing MHT Content | Sublime Security | 1mo ago Jun 12th, 2025 | /feeds/core/detection-rules/attachment-macro-files-containing-mht-content-4d54e40b | |
Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation | @ajpc500 | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0 | |
Attachment: Potential Sandbox Evasion in Office File | @ajpc500 | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-potential-sandbox-evasion-in-office-file-1c591681 | |
Attachment: QR Code Link With Base64-Encoded Recipient Address | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a | |
Attachment soliciting user to enable macros | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-soliciting-user-to-enable-macros-e9d75515 | |
Attachment: USDA Bid Invitation Impersonation | Sublime Security | 1mo ago May 23rd, 2025 | /feeds/core/detection-rules/attachment-usda-bid-invitation-impersonation-34eb9493 | |
Attachment with auto-executing macro (unsolicited) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3 | |
Attachment with auto-opening VBA macro (unsolicited) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-auto-opening-vba-macro-unsolicited-d48b3e53 | |
Attachment with high risk VBA macro (unsolicited) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-high-risk-vba-macro-unsolicited-a2b20e16 | |
Attachment with macro calling executable | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-macro-calling-executable-5ee6a197 | |
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
Suspicious VBA macros from untrusted sender | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-vba-macros-from-untrusted-sender-37cec120 |