Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 21st, 2025
Feed Source
Tactic or Technique is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment: Archive contains DLL-loading macro | Sublime Security | 2y ago Dec 28th, 2023 | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f | |
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f | |
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability | Sublime Security | 2d ago Mar 21st, 2025 | /feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b | |
Attachment: Encrypted Microsoft Office file (unsolicited) | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953 | |
Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation | @ajpc500 | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0 | |
Attachment: Potential Sandbox Evasion in Office File | @ajpc500 | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-potential-sandbox-evasion-in-office-file-1c591681 | |
Attachment: QR Code Link With Base64-Encoded Recipient Address | Sublime Security | 26d ago Feb 25th, 2025 | /feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a | |
Attachment soliciting user to enable macros | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-soliciting-user-to-enable-macros-e9d75515 | |
Attachment with auto-executing macro (unsolicited) | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3 | |
Attachment with auto-opening VBA macro (unsolicited) | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-auto-opening-vba-macro-unsolicited-d48b3e53 | |
Attachment with high risk VBA macro (unsolicited) | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-high-risk-vba-macro-unsolicited-a2b20e16 | |
Attachment with macro calling executable | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-with-macro-calling-executable-5ee6a197 | |
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 1y ago Feb 26th, 2024 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
Suspicious VBA macros from untrusted sender | Sublime Security | 1y ago Feb 23rd, 2024 | /feeds/core/detection-rules/suspicious-vba-macros-from-untrusted-sender-37cec120 |