Sublime Security

Sublime Core Feed
Exif analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: Exif analysis
Exif analysis looks at embedded metadata in files to uncover suspicious details that could indicate malicious activity. By extracting and analyzing Exif data from images, documents, PDFs, and other attachments, this method can help spot hidden threats that would normally go undetected.
Exif analysis can detect:
Document timestamps that don’t match the claimed origin
Authorship info that conflicts with the sender’s identity
Signs of image or document manipulation
Suspicious tools used to create the file
Geographical data that’s inconsistent with the expected origin
For example, a phishing email claiming to be an invoice might have metadata showing it was created with unauthorized tools, edited recently, or authored by someone outside the company it’s pretending to be from.
Attack Types (5):
Credential Phishing
BEC/Fraud
Spam
Callback Phishing
Malware/Ransomware
Tactics & Techniques (12):
Encryption
Evasion
PDF
Social engineering
Macros
Free email provider
Impersonation: Brand
Image as content
Out of band pivot
Scripting
Exploit
LNK
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: Encrypted PDF with credential theft body
4d ago
Nov 8th, 2025
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Excel file with suspicious template identifier
1mo ago
Sep 17th, 2025
Sublime Security
Credential Phishing
Evasion
Macros
Exif analysis
File analysis
Credential Phishing
Evasion
Macros
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-excel-file-with-suspicious-template-identifier-40f84b4b
Attachment: Suspicious PDF created with headless browser
1mo ago
Sep 17th, 2025
Sublime Security
Credential Phishing
Evasion
PDF
Content analysis
Exif analysis
File analysis
Optical Character Recognition
Credential Phishing
Evasion
PDF
Content analysis
Exif analysis
File analysis
Optical Character Recognition
/feeds/core/detection-rules/attachment-suspicious-pdf-created-with-headless-browser-8f3108d7
Attachment: XLSX file with suspicious print titles metadata
1mo ago
Sep 16th, 2025
Sublime Security
Credential Phishing
Evasion
Macros
File analysis
Exif analysis
Credential Phishing
Evasion
Macros
File analysis
Exif analysis
/feeds/core/detection-rules/attachment-xlsx-file-with-suspicious-print-titles-metadata-4c265cbe
Attachment: Fictitious invoice using LinkedIn's address
2mo ago
Sep 3rd, 2025
Sublime Security
BEC/Fraud
PDF
Social engineering
File analysis
Optical Character Recognition
Natural Language Understanding
Content analysis
Exif analysis
BEC/Fraud
PDF
Social engineering
File analysis
Optical Character Recognition
Natural Language Understanding
Content analysis
Exif analysis
/feeds/core/detection-rules/attachment-fictitious-invoice-using-linkedins-address-aeee3d9f
Attachment: PDF file with link to fake Bitcoin exchange
3mo ago
Aug 5th, 2025
Sublime Security
BEC/Fraud
Free email provider
Impersonation: Brand
PDF
Social engineering
Exif analysis
File analysis
Sender analysis
URL analysis
BEC/Fraud
Free email provider
Impersonation: Brand
PDF
Social engineering
Exif analysis
File analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Spam: Item giveaway spam template
3mo ago
Aug 5th, 2025
Sublime Security
Spam
Image as content
Content analysis
HTML analysis
Sender analysis
Exif analysis
Spam
Image as content
Content analysis
HTML analysis
Sender analysis
Exif analysis
/feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b
Callback phishing: Social Security Administration fraud
3mo ago
Aug 5th, 2025
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Callback phishing: AOL senders with suspicious HTML template or PDF attachment
3mo ago
Aug 5th, 2025
Sublime Security
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
/feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed
Attachment: Callback phishing solicitation via pdf file
3mo ago
Aug 5th, 2025
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Office document with VSTO add-in
3mo ago
Aug 5th, 2025
@vector_sec
Malware/Ransomware
Scripting
Archive analysis
Content analysis
Exif analysis
File analysis
Sender analysis
URL analysis
Malware/Ransomware
Scripting
Archive analysis
Content analysis
Exif analysis
File analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730
Attachment: Emotet heavily padded doc in zip file
3mo ago
Jul 16th, 2025
Sublime Security
Malware/Ransomware
Evasion
Archive analysis
Content analysis
Exif analysis
File analysis
Sender analysis
Malware/Ransomware
Evasion
Archive analysis
Content analysis
Exif analysis
File analysis
Sender analysis
/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: PowerPoint with suspicious hyperlink
2y ago
Aug 21st, 2023
Sublime Security
Malware/Ransomware
Evasion
Scripting
Exif analysis
File analysis
Malware/Ransomware
Evasion
Scripting
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1
Attachment: LNK with embedded content
2y ago
Aug 21st, 2023
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
Malware/Ransomware
Exploit
LNK
Scripting
Content analysis
Exif analysis
File analysis
/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: Encrypted PDF with credential theft body	4d ago Nov 8th, 2025	Sublime Security	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis	/feeds/core/detection-rules/attachment-encrypted-pdf-with-credential-theft-body-c9596c9a
Attachment: Excel file with suspicious template identifier	1mo ago Sep 17th, 2025	Sublime Security	Credential Phishing Evasion Macros Exif analysis File analysis	/feeds/core/detection-rules/attachment-excel-file-with-suspicious-template-identifier-40f84b4b
Attachment: Suspicious PDF created with headless browser	1mo ago Sep 17th, 2025	Sublime Security	Credential Phishing Evasion PDF Content analysis Exif analysis File analysis Optical Character Recognition	/feeds/core/detection-rules/attachment-suspicious-pdf-created-with-headless-browser-8f3108d7
Attachment: XLSX file with suspicious print titles metadata	1mo ago Sep 16th, 2025	Sublime Security	Credential Phishing Evasion Macros File analysis Exif analysis	/feeds/core/detection-rules/attachment-xlsx-file-with-suspicious-print-titles-metadata-4c265cbe
Attachment: Fictitious invoice using LinkedIn's address	2mo ago Sep 3rd, 2025	Sublime Security	BEC/Fraud PDF Social engineering File analysis Optical Character Recognition Natural Language Understanding Content analysis Exif analysis	/feeds/core/detection-rules/attachment-fictitious-invoice-using-linkedins-address-aeee3d9f
Attachment: PDF file with link to fake Bitcoin exchange	3mo ago Aug 5th, 2025	Sublime Security	BEC/Fraud Free email provider Impersonation: Brand PDF Social engineering Exif analysis File analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-pdf-file-with-link-to-fake-bitcoin-exchange-47601cb7
Spam: Item giveaway spam template	3mo ago Aug 5th, 2025	Sublime Security	Spam Image as content Content analysis HTML analysis Sender analysis Exif analysis	/feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b
Callback phishing: Social Security Administration fraud	3mo ago Aug 5th, 2025	Sublime Security	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/callback-phishing-social-security-administration-fraud-a9049d52
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	3mo ago Aug 5th, 2025	Sublime Security	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis	/feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed
Attachment: Callback phishing solicitation via pdf file	3mo ago Aug 5th, 2025	Sublime Security	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis	/feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097
Attachment: Office document with VSTO add-in	3mo ago Aug 5th, 2025	@vector_sec	Malware/Ransomware Scripting Archive analysis Content analysis Exif analysis File analysis Sender analysis URL analysis	/feeds/core/detection-rules/attachment-office-document-with-vsto-add-in-27afa730
Attachment: Emotet heavily padded doc in zip file	3mo ago Jul 16th, 2025	Sublime Security	Malware/Ransomware Evasion Archive analysis Content analysis Exif analysis File analysis Sender analysis	/feeds/core/detection-rules/attachment-emotet-heavily-padded-doc-in-zip-file-9a5332ed
Attachment: PowerPoint with suspicious hyperlink	2y ago Aug 21st, 2023	Sublime Security	Malware/Ransomware Evasion Scripting Exif analysis File analysis	/feeds/core/detection-rules/attachment-powerpoint-with-suspicious-hyperlink-0a999fb1
Attachment: LNK with embedded content	2y ago Aug 21st, 2023	@ajpc500	Malware/Ransomware Exploit LNK Scripting Content analysis Exif analysis File analysis	/feeds/core/detection-rules/attachment-lnk-with-embedded-content-41452f7a