Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Mar 21st, 2025
Rule Name & Severity | Author | Last Updated | Rule Path | |
---|---|---|---|---|
Attachment: Archive contains DLL-loading macro | Sublime Security | 2y ago Dec 28th, 2023 | /feeds/core/detection-rules/attachment-archive-contains-dll-loading-macro-3a193f5f | |
Attachment: .csproj with suspicious commands | Sublime Security | 2y ago Aug 17th, 2023 | /feeds/core/detection-rules/attachment-csproj-with-suspicious-commands-fe45b81d | |
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f | |
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability | Sublime Security | 2d ago Mar 21st, 2025 | /feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b | |
Attachment: Double Base64-encoded Zip File in HTML Smuggling Attachment | @ajpc500 | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-double-base64-encoded-zip-file-in-html-smuggling-attachment-61ebb07b | |
Attachment: Embedded Javascript in SVG file (unsolicited) | Sublime Security | 18d ago Mar 5th, 2025 | /feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-unsolicited-f70293bc | |
Attachment: Embedded VBScript in MHT file (unsolicited) | Sublime Security | 2y ago Oct 4th, 2023 | /feeds/core/detection-rules/attachment-embedded-vbscript-in-mht-file-unsolicited-b30353a6 | |
Attachment: EML containing a base64 encoded script | Sublime Security | 1y ago Jan 30th, 2024 | /feeds/core/detection-rules/attachment-eml-containing-a-base64-encoded-script-fc3d9445 | |
Attachment: EML with Embedded Javascript in SVG File (unsolicited) | Sublime Security | 19d ago Mar 4th, 2025 | /feeds/core/detection-rules/attachment-eml-with-embedded-javascript-in-svg-file-unsolicited-dfafb78f | |
Attachment: Encrypted Microsoft Office file (unsolicited) | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953 | |
Attachment: Fake Slack installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-slack-installer-cded2d2f | |
Attachment: Fake Zoom installer | Sublime Security | 2y ago Nov 29th, 2023 | /feeds/core/detection-rules/attachment-fake-zoom-installer-840a12a6 | |
Attachment: File execution via Javascript | Sublime Security | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1 | |
Attachment: HTML Attachment with Javascript location | @vector_sec | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-attachment-with-javascript-location-e0611295 | |
Attachment: HTML Attachment with Login Portal Indicators | @ajpc500 | 11mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Attachment: HTML file contains exclusively Javascript | Sublime Security | 1y ago Feb 1st, 2024 | /feeds/core/detection-rules/attachment-html-file-contains-exclusively-javascript-b6d38168 | |
Attachment: HTML file with excessive 'const' declarations and abnormally long timeouts | Sublime Security | 1mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/attachment-html-file-with-excessive-const-declarations-and-abnormally-long-timeouts-66f8a07a | |
Attachment: HTML file with reference to recipient and suspicious patterns | Sublime Security | 10mo ago May 3rd, 2024 | /feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d | |
Attachment: HTML smuggling 'body onload' linking to suspicious destination | Sublime Security | 2y ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-linking-to-suspicious-destination-c1e2beed | |
Attachment: HTML smuggling 'body onload' with high entropy and suspicious text | Sublime Security | 2y ago Sep 25th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-body-onload-with-high-entropy-and-suspicious-text-329ac12d | |
Attachment: HTML smuggling with atob and high entropy | Sublime Security | 6mo ago Aug 29th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with auto-downloaded file | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-auto-downloaded-file-abf724f5 | |
Attachment: HTML smuggling with base64 encoded JavaScript function | Sublime Security | 2y ago Aug 27th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec | |
Attachment: HTML smuggling with concatenation obfuscation | @vector_sec | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-concatenation-obfuscation-108ab346 | |
Attachment: HTML smuggling with decimal encoding | Sublime Security | 11mo ago Apr 23rd, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-decimal-encoding-f99213c4 | |
Attachment: HTML smuggling with embedded base64 streamed file download | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-embedded-base64-streamed-file-download-e04de4e2 | |
Attachment: HTML smuggling with eval and atob | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-9f521ca2 | |
Attachment: HTML smuggling with excessive line break obfuscation | Sublime Security | 2y ago Sep 8th, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns | Sublime Security | 6mo ago Aug 27th, 2024 | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d | |
Attachment: HTML smuggling with fromCharCode and other signals | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-fromcharcode-and-other-signals-a68ce0ef | |
Attachment: HTML smuggling with high entropy and other signals | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-high-entropy-and-other-signals-be157288 | |
Attachment: HTML smuggling with RC4 decryption | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765 | |
Attachment: HTML smuggling with ROT13 | @Kyle_Parrish_ | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf | |
Attachment: HTML smuggling with setTimeout | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-settimeout-4e0b2c32 | |
Attachment: HTML smuggling with unescape | Sublime Security | 2y ago Sep 22nd, 2023 | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: HTML With Emoji-to-Character Map | Sublime Security | 3mo ago Dec 2nd, 2024 | /feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086 | |
Attachment: HTML with Hidden Body | Sublime Security | 9mo ago Jun 24th, 2024 | /feeds/core/detection-rules/attachment-html-with-hidden-body-b059a781 | |
Attachment: HTML with JavaScript Functions for HTTP requests | Sublime Security | 8mo ago Jul 3rd, 2024 | /feeds/core/detection-rules/attachment-html-with-javascript-functions-for-http-requests-01e679fd | |
Attachment: HTML with obfuscation and recipient's email in JavaScript strings | Sublime Security | 10d ago Mar 13th, 2025 | /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b | |
Attachment: JavaScript file with suspicious base64-encoded executable | Sublime Security | 11mo ago Apr 1st, 2024 | /feeds/core/detection-rules/attachment-javascript-file-with-suspicious-base64-encoded-executable-b8db0cf3 | |
Attachment: LNK with embedded content | @ajpc500 | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a | |
Attachment: Macro with Suspected Use of COM ShellBrowserWindow Object for Process Creation | @ajpc500 | 2y ago Dec 19th, 2023 | /feeds/core/detection-rules/attachment-macro-with-suspected-use-of-com-shellbrowserwindow-object-for-process-creation-527fc7f0 | |
Attachment: Malicious OneNote Commands | @Kyle_Parrish_ | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-malicious-onenote-commands-7319f0eb | |
Attachment: Microsoft impersonation via PDF with link and suspicious language | Sublime Security | 10mo ago May 2nd, 2024 | /feeds/core/detection-rules/attachment-microsoft-impersonation-via-pdf-with-link-and-suspicious-language-70d41c7f | |
Attachment: Office Document with VSTO Add-in | @vector_sec | 1y ago Jan 11th, 2024 | /feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730 | |
Attachment: Office file with suspicious function calls or downloaded file path | Sublime Security | 1y ago Feb 9th, 2024 | /feeds/core/detection-rules/attachment-office-file-with-suspicious-function-calls-or-downloaded-file-path-4c78b969 | |
Attachment: PowerPoint with suspicious hyperlink | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1 | |
Attachment: PowerShell Content | @ajpc500 | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-powershell-content-c12566db | |
Attachment: SFX archive containing commands | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-sfx-archive-containing-commands-343e6c8c | |
Attachment: SVG file execution | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/attachment-svg-file-execution-084b0cde | |