• Sublime Core Feed

Sublime Core Feed

This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.

Sublime Security
Last updated Apr 28th, 2025
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Author
Last Updated
Labels
Attachment: Malicious OneNote Commands
@Kyle_Parrish_
2y ago
Aug 21st, 2023
Malware/Ransomware
OneNote
Scripting
Archive analysis
Content analysis
File analysis
YARA
/feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb
Sharepoint Link Likely Unrelated to Sender
Sublime Security
1mo ago
Mar 12th, 2025
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
/feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489
Suspicious SharePoint File Sharing
Sublime Security
19d ago
Apr 11th, 2025
Credential Phishing
Free email provider
Free file host
OneNote
PDF
Content analysis
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c
3 Rules