Sublime Security

Sublime Core Feed
Content analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: Content analysis
Content analysis looks at the language and structure of a message to identify signs of phishing, social engineering, and other malicious intent. Instead of scanning for keywords, this method uses natural language understanding (NLU) to detect meaning, intent, and tone across the message.
Content analysis helps detect:
BEC attempts with urgent messages from executive impersonators
Credential phishing disguised as login or document notifications
Callback scams posing as account renewals or fake support
Extortion threats or blackmail messages
Financial or personal data requests in suspicious contexts
Fake job offers targeting employees
Invoice fraud, payroll fraud, and more
For example, a phishing email may impersonate a CFO asking for a wire transfer. Content analysis can flag the urgent tone, financial context, and impersonation attempt.
Blog Posts
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Hidden credential phishing within EML attachments · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Adversarial ML: Extortion via LLM Manipulation Tactics · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (7):
Credential Phishing
Malware/Ransomware
Callback Phishing
BEC/Fraud
Spam
Reconnaissance
Extortion
Tactics & Techniques (26):
PDF
Social engineering
Evasion
Impersonation: Brand
Out of band pivot
Exploit
Spoofing
Impersonation: Employee
Free email provider
Image as content
Free file host
Free subdomain host
Impersonation: VIP
Macros
Lookalike domain
Credential Phishing
Encryption
Open redirect
Scripting
HTML injection
QR code
HTML smuggling
LNK
OneNote
IPFS
ISO
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: Self-sender PDF with minimal content and view prompt
5h ago
Feb 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
PDF
Social engineering
Evasion
Content analysis
File analysis
Sender analysis
Credential Phishing
Malware/Ransomware
PDF
Social engineering
Evasion
Content analysis
File analysis
Sender analysis
/feeds/core/detection-rules/attachment-self-sender-pdf-with-minimal-content-and-view-prompt-07670a8c
Brand impersonation: Dropbox
6h ago
Feb 12th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
File analysis
Header analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
File analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12
Brand impersonation: TikTok
6h ago
Feb 12th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7
Link: PDF filename impersonation with credential theft language
6h ago
Feb 12th, 2026
Sublime Security
Credential Phishing
Social engineering
Evasion
PDF
Content analysis
Natural Language Understanding
Header analysis
Sender analysis
URL analysis
Credential Phishing
Social engineering
Evasion
PDF
Content analysis
Natural Language Understanding
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/link-pdf-filename-impersonation-with-credential-theft-language-05931513
Brand impersonation: Google Meet with malicious link
7h ago
Feb 12th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
URL analysis
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-google-meet-with-malicious-link-d488d85a
Callback Phishing via Zoom comment
1d ago
Feb 11th, 2026
Sublime Security
Callback Phishing
Out of band pivot
Social engineering
Impersonation: Brand
Computer Vision
Content analysis
Header analysis
Sender analysis
Callback Phishing
Out of band pivot
Social engineering
Impersonation: Brand
Computer Vision
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/callback-phishing-via-zoom-comment-8ec30881
PayPal invoice abuse
1d ago
Feb 11th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4
Anthropic Magic String in HTML
3d ago
Feb 9th, 2026
Sublime Security
Malware/Ransomware
Exploit
Content analysis
Malware/Ransomware
Exploit
Content analysis
/feeds/core/detection-rules/anthropic-magic-string-in-html-d860c6a8
Brand impersonation: Navan
3d ago
Feb 9th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Social engineering
Spoofing
Sender analysis
Natural Language Understanding
URL analysis
Content analysis
/feeds/core/detection-rules/brand-impersonation-navan-3573e9a8
Link: Suspicious go.php redirect with document lure
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
URL analysis
Credential Phishing
Evasion
Social engineering
Content analysis
URL analysis
/feeds/core/detection-rules/link-suspicious-gophp-redirect-with-document-lure-f3d8c227
Brand Impersonation: Disney
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Natural Language Understanding
Content analysis
Header analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Natural Language Understanding
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-disney-bf90b8fb
Link: URL shortener with copy-paste instructions and credential theft language
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
Natural Language Understanding
URL analysis
Credential Phishing
Evasion
Social engineering
Content analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/link-url-shortener-with-copy-paste-instructions-and-credential-theft-language-a0a2c573
Link: SharePoint filename matches org name
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
URL analysis
Credential Phishing
Impersonation: Employee
Social engineering
Content analysis
URL analysis
/feeds/core/detection-rules/link-sharepoint-filename-matches-org-name-cb954726
Brand impersonation: Microsoft Teams invitation
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-teams-invitation-46410ad8
Service abuse: Apple TestFlight with suspicious developer reference
6d ago
Feb 6th, 2026
Sublime Security
Spam
Social engineering
Content analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Spam
Social engineering
Content analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/service-abuse-apple-testflight-with-suspicious-developer-reference-e7ea0ee0
Canva infrastructure abuse
6d ago
Feb 6th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
BEC/Fraud
Callback Phishing
Social engineering
Impersonation: Brand
Impersonation: Employee
Free email provider
Natural Language Understanding
Sender analysis
Content analysis
/feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c
Brand impersonation: Microsoft Planner with suspicious link
6d ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Evasion
Image as content
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Credential Phishing
Evasion
Image as content
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08
Brand impersonation: Fake Fax
7d ago
Feb 5th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a
Credential phishing: Generic document sharing
7d ago
Feb 5th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
/feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c
Reconnaissance: All recipients cc/bcc'd or undisclosed
7d ago
Feb 5th, 2026
Sublime Security
Reconnaissance
Content analysis
Header analysis
Sender analysis
Reconnaissance
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/reconnaissance-all-recipients-ccbccd-or-undisclosed-420f60d3
Page 1 of 23

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: Self-sender PDF with minimal content and view prompt	5h ago Feb 12th, 2026	Sublime Security	Credential Phishing Malware/Ransomware PDF Social engineering Evasion Content analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-self-sender-pdf-with-minimal-content-and-view-prompt-07670a8c
Brand impersonation: Dropbox	6h ago Feb 12th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Content analysis File analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-dropbox-61f11d12
Brand impersonation: TikTok	6h ago Feb 12th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/brand-impersonation-tiktok-aaacc8b7
Link: PDF filename impersonation with credential theft language	6h ago Feb 12th, 2026	Sublime Security	Credential Phishing Social engineering Evasion PDF Content analysis Natural Language Understanding Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/link-pdf-filename-impersonation-with-credential-theft-language-05931513
Brand impersonation: Google Meet with malicious link	7h ago Feb 12th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Content analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-google-meet-with-malicious-link-d488d85a
Callback Phishing via Zoom comment	1d ago Feb 11th, 2026	Sublime Security	Callback Phishing Out of band pivot Social engineering Impersonation: Brand Computer Vision Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-via-zoom-comment-8ec30881
PayPal invoice abuse	1d ago Feb 11th, 2026	Sublime Security	BEC/Fraud Callback Phishing Evasion Social engineering Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4
Anthropic Magic String in HTML	3d ago Feb 9th, 2026	Sublime Security	Malware/Ransomware Exploit Content analysis	/feeds/core/detection-rules/anthropic-magic-string-in-html-d860c6a8
Brand impersonation: Navan	3d ago Feb 9th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Spoofing Sender analysis Natural Language Understanding URL analysis Content analysis	/feeds/core/detection-rules/brand-impersonation-navan-3573e9a8
Link: Suspicious go.php redirect with document lure	6d ago Feb 6th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Content analysis URL analysis	/feeds/core/detection-rules/link-suspicious-gophp-redirect-with-document-lure-f3d8c227
Brand Impersonation: Disney	6d ago Feb 6th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision Natural Language Understanding Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/brand-impersonation-disney-bf90b8fb
Link: URL shortener with copy-paste instructions and credential theft language	6d ago Feb 6th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Content analysis Natural Language Understanding URL analysis	/feeds/core/detection-rules/link-url-shortener-with-copy-paste-instructions-and-credential-theft-language-a0a2c573
Link: SharePoint filename matches org name	6d ago Feb 6th, 2026	Sublime Security	Credential Phishing Impersonation: Employee Social engineering Content analysis URL analysis	/feeds/core/detection-rules/link-sharepoint-filename-matches-org-name-cb954726
Brand impersonation: Microsoft Teams invitation	6d ago Feb 6th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-teams-invitation-46410ad8
Service abuse: Apple TestFlight with suspicious developer reference	6d ago Feb 6th, 2026	Sublime Security	Spam Social engineering Content analysis HTML analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/service-abuse-apple-testflight-with-suspicious-developer-reference-e7ea0ee0
Canva infrastructure abuse	6d ago Feb 6th, 2026	Sublime Security	BEC/Fraud Callback Phishing Social engineering Impersonation: Brand Impersonation: Employee Free email provider Natural Language Understanding Sender analysis Content analysis	/feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c
Brand impersonation: Microsoft Planner with suspicious link	6d ago Feb 6th, 2026	Sublime Security	Credential Phishing Evasion Image as content Impersonation: Brand Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-microsoft-planner-with-suspicious-link-ea363c08
Brand impersonation: Fake Fax	7d ago Feb 5th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/brand-impersonation-fake-fax-2a96b90a
Credential phishing: Generic document sharing	7d ago Feb 5th, 2026	Sublime Security	Credential Phishing BEC/Fraud Social engineering Evasion Impersonation: Employee Content analysis Natural Language Understanding URL analysis Sender analysis	/feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c
Reconnaissance: All recipients cc/bcc'd or undisclosed	7d ago Feb 5th, 2026	Sublime Security	Reconnaissance Content analysis Header analysis Sender analysis	/feeds/core/detection-rules/reconnaissance-all-recipients-ccbccd-or-undisclosed-420f60d3