Sublime Security

Sublime Core Feed
Encryption
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Encryption
Attackers use encryption to hide malicious content, avoid detection, and control when and how their payloads are delivered. By encrypting files or obfuscating code, they can slip past email security tools that scan attachments and message content for known threats.
You might receive a password-protected ZIP or PDF that contains malware or a phishing link. Some attacks use encrypted HTML files that only show a fake login page after they're opened. Others use base64 or similar encoding to hide malicious code inside files that look harmless at first glance.
In many cases, the password to unlock the file is included in the email, sent in a follow-up message, or shared over another channel. Some attackers also encrypt stolen data before sending it out to avoid detection on the way out.
This tactic gives attackers more control and makes it harder for you—and your security tools—to see what’s really happening. It's often used in the early stages of malware delivery, data theft, or ransomware attacks.
Attack Types (6):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Callback Phishing
Extortion
Spam
Detection Methods (14):
File analysis
QR code analysis
URL analysis
YARA
Exif analysis
Content analysis
Archive analysis
HTML analysis
Javascript analysis
Sender analysis
Header analysis
OLE analysis
Natural Language Understanding
Optical Character Recognition
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: PDF with recipient email in link
2d ago
Jan 21st, 2026
Sublime Security
Credential Phishing
PDF
QR code
Encryption
Social engineering
File analysis
QR code analysis
URL analysis
Credential Phishing
PDF
QR code
Encryption
Social engineering
File analysis
QR code analysis
URL analysis
/feeds/core/detection-rules/attachment-pdf-with-recipient-email-in-link-0399d08f
Attachment: Password-protected PDF with fake document indicators
2d ago
Jan 21st, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
Encryption
Evasion
PDF
File analysis
YARA
Exif analysis
Malware/Ransomware
Credential Phishing
Encryption
Evasion
PDF
File analysis
YARA
Exif analysis
/feeds/core/detection-rules/attachment-password-protected-pdf-with-fake-document-indicators-b45e4440
Link: Excessive URL rewrite encoders
2d ago
Jan 21st, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Encryption
Evasion
URL analysis
Content analysis
Credential Phishing
Malware/Ransomware
Encryption
Evasion
URL analysis
Content analysis
/feeds/core/detection-rules/link-excessive-url-rewrite-encoders-b88e53a7
Attachment: HTML smuggling with excessive line break obfuscation
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440
Attachment: HTML smuggling with RC4 decryption
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765
Link to auto-downloaded disk image in encrypted zip
11d ago
Jan 12th, 2026
Malware/Ransomware
Encryption
Evasion
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
Malware/Ransomware
Encryption
Evasion
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
/feeds/core/detection-rules/link-to-auto-downloaded-disk-image-in-encrypted-zip-b50f0cb1
Attachment: EML with Encrypted ZIP
11d ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
YARA
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
YARA
/feeds/core/detection-rules/attachment-eml-with-encrypted-zip-6897a8f7
Attachment: HTML smuggling with ROT13
11d ago
Jan 12th, 2026
@Kyle_Parrish_
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
Javascript analysis
HTML analysis
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
Javascript analysis
HTML analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf
Link: Base64 encoded recipient address in URL fragment with subject hash
11d ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Encryption
Evasion
Social engineering
Content analysis
URL analysis
Header analysis
Credential Phishing
Encryption
Evasion
Social engineering
Content analysis
URL analysis
Header analysis
/feeds/core/detection-rules/link-base64-encoded-recipient-address-in-url-fragment-with-subject-hash-eb9694b8
Attachment: Encrypted Microsoft Office file (unsolicited)
11d ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
/feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953
Link to auto-download of a suspicious file type (unsolicited)
11d ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Encryption
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
Malware/Ransomware
Encryption
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
/feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152
Attachment: Encrypted PDF with credential theft body
1mo ago
Dec 1st, 2025
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Encrypted zip file with payment-related lure
1mo ago
Nov 25th, 2025
Sublime Security
BEC/Fraud
Malware/Ransomware
Encryption
Evasion
Social engineering
Archive analysis
Content analysis
File analysis
BEC/Fraud
Malware/Ransomware
Encryption
Evasion
Social engineering
Archive analysis
Content analysis
File analysis
/feeds/core/detection-rules/attachment-encrypted-zip-file-with-payment-related-lure-5d1eb7af
Attachment: Base64 encoded bash command in filename
4mo ago
Sep 5th, 2025
@vector_sec
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
Content analysis
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
Content analysis
/feeds/core/detection-rules/attachment-base64-encoded-bash-command-in-filename-819f69c8
Encrypted Microsoft Office files from untrusted sender
5mo ago
Aug 5th, 2025
Sublime Security
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
Encryption
Evasion
File analysis
YARA
Sender analysis
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Spam
Encryption
Evasion
File analysis
YARA
Sender analysis
/feeds/core/detection-rules/encrypted-microsoft-office-files-from-untrusted-sender-eb7b26e7
Link to auto-downloaded DMG in encrypted zip
6mo ago
Jul 16th, 2025
Sublime Security
Malware/Ransomware
Encryption
Evasion
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
Malware/Ransomware
Encryption
Evasion
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
/feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-encrypted-zip-43af98d3
Adobe branded PDF file linking to a password-protected file from untrusted sender
6mo ago
Jul 16th, 2025
Sublime Security
Malware/Ransomware
Encryption
Evasion
Impersonation: Brand
PDF
Archive analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Malware/Ransomware
Encryption
Evasion
Impersonation: Brand
PDF
Archive analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
Attachment with unscannable encrypted zip (unsolicited)
6mo ago
Jul 16th, 2025
Sublime Security
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
Sender analysis
YARA
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
Sender analysis
YARA
/feeds/core/detection-rules/attachment-with-unscannable-encrypted-zip-unsolicited-529d4a9a
Attachment with encrypted zip (unsolicited)
6mo ago
Jul 16th, 2025
Sublime Security
Malware/Ransomware
Evasion
Encryption
Archive analysis
File analysis
Sender analysis
Malware/Ransomware
Evasion
Encryption
Archive analysis
File analysis
Sender analysis
/feeds/core/detection-rules/attachment-with-encrypted-zip-unsolicited-697c87ae

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: PDF with recipient email in link	2d ago Jan 21st, 2026	Sublime Security	Credential Phishing PDF QR code Encryption Social engineering File analysis QR code analysis URL analysis	/feeds/core/detection-rules/attachment-pdf-with-recipient-email-in-link-0399d08f
Attachment: Password-protected PDF with fake document indicators	2d ago Jan 21st, 2026	Sublime Security	Malware/Ransomware Credential Phishing Encryption Evasion PDF File analysis YARA Exif analysis	/feeds/core/detection-rules/attachment-password-protected-pdf-with-fake-document-indicators-b45e4440
Link: Excessive URL rewrite encoders	2d ago Jan 21st, 2026	Sublime Security	Credential Phishing Malware/Ransomware Encryption Evasion URL analysis Content analysis	/feeds/core/detection-rules/link-excessive-url-rewrite-encoders-b88e53a7
Attachment: HTML smuggling with excessive line break obfuscation	11d ago Jan 12th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440
Attachment: HTML smuggling with RC4 decryption	11d ago Jan 12th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis HTML analysis Javascript analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-rc4-decryption-3a46d765
Link to auto-downloaded disk image in encrypted zip	11d ago Jan 12th, 2026	@ajpc500	Malware/Ransomware Encryption Evasion Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-downloaded-disk-image-in-encrypted-zip-b50f0cb1
Attachment: EML with Encrypted ZIP	11d ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Encryption Evasion Archive analysis File analysis YARA	/feeds/core/detection-rules/attachment-eml-with-encrypted-zip-6897a8f7
Attachment: HTML smuggling with ROT13	11d ago Jan 12th, 2026	@Kyle_Parrish_	Credential Phishing Malware/Ransomware Encryption Evasion HTML smuggling Scripting Archive analysis Content analysis File analysis Javascript analysis HTML analysis	/feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf
Link: Base64 encoded recipient address in URL fragment with subject hash	11d ago Jan 12th, 2026	Sublime Security	Credential Phishing Encryption Evasion Social engineering Content analysis URL analysis Header analysis	/feeds/core/detection-rules/link-base64-encoded-recipient-address-in-url-fragment-with-subject-hash-eb9694b8
Attachment: Encrypted Microsoft Office file (unsolicited)	11d ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Encryption Macros Scripting Archive analysis File analysis OLE analysis Sender analysis	/feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953
Link to auto-download of a suspicious file type (unsolicited)	11d ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Encryption Evasion LNK Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152
Attachment: Encrypted PDF with credential theft body	1mo ago Dec 1st, 2025	Sublime Security	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Encrypted zip file with payment-related lure	1mo ago Nov 25th, 2025	Sublime Security	BEC/Fraud Malware/Ransomware Encryption Evasion Social engineering Archive analysis Content analysis File analysis	/feeds/core/detection-rules/attachment-encrypted-zip-file-with-payment-related-lure-5d1eb7af
Attachment: Base64 encoded bash command in filename	4mo ago Sep 5th, 2025	@vector_sec	Malware/Ransomware Encryption Evasion Archive analysis File analysis Content analysis	/feeds/core/detection-rules/attachment-base64-encoded-bash-command-in-filename-819f69c8
Encrypted Microsoft Office files from untrusted sender	5mo ago Aug 5th, 2025	Sublime Security	BEC/Fraud Callback Phishing Credential Phishing Extortion Malware/Ransomware Spam Encryption Evasion File analysis YARA Sender analysis	/feeds/core/detection-rules/encrypted-microsoft-office-files-from-untrusted-sender-eb7b26e7
Link to auto-downloaded DMG in encrypted zip	6mo ago Jul 16th, 2025	Sublime Security	Malware/Ransomware Encryption Evasion Social engineering Archive analysis File analysis Sender analysis URL analysis YARA	/feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-encrypted-zip-43af98d3
Adobe branded PDF file linking to a password-protected file from untrusted sender	6mo ago Jul 16th, 2025	Sublime Security	Malware/Ransomware Encryption Evasion Impersonation: Brand PDF Archive analysis File analysis Natural Language Understanding Optical Character Recognition Sender analysis	/feeds/core/detection-rules/adobe-branded-pdf-file-linking-to-a-password-protected-file-from-untrusted-sender-5ea75469
Attachment with unscannable encrypted zip (unsolicited)	6mo ago Jul 16th, 2025	Sublime Security	Malware/Ransomware Encryption Evasion Archive analysis File analysis Sender analysis YARA	/feeds/core/detection-rules/attachment-with-unscannable-encrypted-zip-unsolicited-529d4a9a
Attachment with encrypted zip (unsolicited)	6mo ago Jul 16th, 2025	Sublime Security	Malware/Ransomware Evasion Encryption Archive analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-with-encrypted-zip-unsolicited-697c87ae