Sublime Security

Sublime Core Feed
File analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: File analysis
File analysis breaks down and inspects file contents, formats, and embedded elements to uncover hidden threats. This method goes beyond basic file attributes, deeply examining the inner structure of files to find potentially malicious content that looks legitimate on the surface.
File analysis helps detect:
Malicious macros in Office documents (Word, Excel, PowerPoint)
Obfuscated scripts hidden in PDFs or other document types
Executable code disguised in non-executable files
Hidden text content using encoding or steganography
Suspicious metadata or file properties suggesting tampering
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (6):
BEC/Fraud
Credential Phishing
Callback Phishing
Malware/Ransomware
Extortion
Spam
Tactics & Techniques (24):
PDF
Social engineering
Free file host
Free subdomain host
Out of band pivot
Exploit
Evasion
HTML smuggling
QR code
Encryption
Image as content
Impersonation: Brand
Lookalike domain
Scripting
Open redirect
Macros
Impersonation: VIP
LNK
OneNote
Free email provider
Impersonation: Employee
IPFS
Spoofing
ISO
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: PDF bid/proposal lure with credential theft indicators
3d ago
Mar 27th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Social engineering
Free file host
Free subdomain host
File analysis
Content analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
Exif analysis
BEC/Fraud
Credential Phishing
PDF
Social engineering
Free file host
Free subdomain host
File analysis
Content analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
Exif analysis
Callback phishing in body or attachment (untrusted sender)
3d ago
Mar 27th, 2026
Sublime Security
Callback Phishing
Out of band pivot
Social engineering
Content analysis
File analysis
Optical Character Recognition
Natural Language Understanding
Sender analysis
Callback Phishing
Out of band pivot
Social engineering
Content analysis
File analysis
Optical Character Recognition
Natural Language Understanding
Sender analysis
MalwareBazaar: Malicious attachment hash (trusted reporters)
4d ago
Mar 26th, 2026
Sublime Security
Malware/Ransomware
File analysis
Sender analysis
Threat intelligence
Malware/Ransomware
File analysis
Sender analysis
Threat intelligence
Attachment: ZIP file with CVE-2026-0866 exploit
10d ago
Mar 20th, 2026
Sublime Security
Malware/Ransomware
Exploit
Evasion
Archive analysis
File analysis
YARA
Malware/Ransomware
Exploit
Evasion
Archive analysis
File analysis
YARA
Attachment: PDF contains W9 or invoice YARA signatures
12d ago
Mar 18th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Social engineering
File analysis
YARA
BEC/Fraud
Credential Phishing
PDF
Social engineering
File analysis
YARA
Attachment: PDF with a suspicious string and single URL
13d ago
Mar 17th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Attachment: PDF proposal with credential theft indicators
13d ago
Mar 17th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Credential Phishing
PDF
Social engineering
Evasion
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Attachment: Archive containing HTML file with file scheme link
13d ago
Mar 17th, 2026
Sublime Security
Credential Phishing
Evasion
Exploit
HTML smuggling
Social engineering
Archive analysis
File analysis
HTML analysis
Credential Phishing
Evasion
Exploit
HTML smuggling
Social engineering
Archive analysis
File analysis
HTML analysis
Attachment: ICS file with excessive custom properties
13d ago
Mar 17th, 2026
Sublime Security
Malware/Ransomware
Evasion
File analysis
Content analysis
Malware/Ransomware
Evasion
File analysis
Content analysis
Attachment: ICS with employee policy review lure
14d ago
Mar 16th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Evasion
Social engineering
File analysis
Content analysis
Credential Phishing
BEC/Fraud
Evasion
Social engineering
File analysis
Content analysis
Service abuse: Monday.com infrastructure with phishing intent
21d ago
Mar 9th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
QR code
Content analysis
File analysis
Header analysis
QR code analysis
Sender analysis
URL analysis
Credential Phishing
Evasion
Social engineering
QR code
Content analysis
File analysis
Header analysis
QR code analysis
Sender analysis
URL analysis
Attachment: PDF with suspicious link and action-oriented language
24d ago
Mar 6th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
File analysis
URL analysis
Content analysis
URL screenshot
Credential Phishing
PDF
Social engineering
Evasion
File analysis
URL analysis
Content analysis
URL screenshot
Attachment: PDF with recipient email in link
27d ago
Mar 3rd, 2026
Sublime Security
Credential Phishing
PDF
QR code
Encryption
Social engineering
File analysis
QR code analysis
URL analysis
Credential Phishing
PDF
QR code
Encryption
Social engineering
File analysis
QR code analysis
URL analysis
Attachment: PDF Object Hash - Encrypted PDFs with fake payment notification
28d ago
Mar 2nd, 2026
Sublime Security
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Attachment: Finance themed PDF with observed phishing template
28d ago
Mar 2nd, 2026
Sublime Security
Credential Phishing
PDF
Evasion
File analysis
Content analysis
Credential Phishing
PDF
Evasion
File analysis
Content analysis
Attachment: PDF with multistage landing - ClickUp abuse
1mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
PDF
Social engineering
File analysis
URL analysis
Whois
Credential Phishing
Evasion
Free file host
Free subdomain host
PDF
Social engineering
File analysis
URL analysis
Whois
Attachment: PDF with ReportLab library and default metadata
1mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
PDF
Evasion
File analysis
Exif analysis
Credential Phishing
PDF
Evasion
File analysis
Exif analysis
Attachment: Encrypted PDF with credential theft body
1mo ago
Feb 26th, 2026
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Attachment: QR code with recipient targeting and special characters
1mo ago
Feb 21st, 2026
Sublime Security
Credential Phishing
QR code
Social engineering
Evasion
File analysis
QR code analysis
URL analysis
Computer Vision
Credential Phishing
QR code
Social engineering
Evasion
File analysis
QR code analysis
URL analysis
Computer Vision
Attachment: QR code with suspicious URL patterns in EML file
1mo ago
Feb 21st, 2026
Sublime Security
Credential Phishing
QR code
Evasion
Social engineering
Archive analysis
File analysis
QR code analysis
URL analysis
Credential Phishing
QR code
Evasion
Social engineering
Archive analysis
File analysis
QR code analysis
URL analysis
Page 1 of 13

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: PDF bid/proposal lure with credential theft indicators	3d ago Mar 27th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Social engineering Free file host Free subdomain host File analysis Content analysis Optical Character Recognition Natural Language Understanding URL analysis Exif analysis
Callback phishing in body or attachment (untrusted sender)	3d ago Mar 27th, 2026	Sublime Security	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis
MalwareBazaar: Malicious attachment hash (trusted reporters)	4d ago Mar 26th, 2026	Sublime Security	Malware/Ransomware File analysis Sender analysis Threat intelligence
Attachment: ZIP file with CVE-2026-0866 exploit	10d ago Mar 20th, 2026	Sublime Security	Malware/Ransomware Exploit Evasion Archive analysis File analysis YARA
Attachment: PDF contains W9 or invoice YARA signatures	12d ago Mar 18th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Social engineering File analysis YARA
Attachment: PDF with a suspicious string and single URL	13d ago Mar 17th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion Content analysis File analysis URL analysis Exif analysis
Attachment: PDF proposal with credential theft indicators	13d ago Mar 17th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion File analysis Natural Language Understanding Optical Character Recognition URL analysis
Attachment: Archive containing HTML file with file scheme link	13d ago Mar 17th, 2026	Sublime Security	Credential Phishing Evasion Exploit HTML smuggling Social engineering Archive analysis File analysis HTML analysis
Attachment: ICS file with excessive custom properties	13d ago Mar 17th, 2026	Sublime Security	Malware/Ransomware Evasion File analysis Content analysis
Attachment: ICS with employee policy review lure	14d ago Mar 16th, 2026	Sublime Security	Credential Phishing BEC/Fraud Evasion Social engineering File analysis Content analysis
Service abuse: Monday.com infrastructure with phishing intent	21d ago Mar 9th, 2026	Sublime Security	Credential Phishing Evasion Social engineering QR code Content analysis File analysis Header analysis QR code analysis Sender analysis URL analysis
Attachment: PDF with suspicious link and action-oriented language	24d ago Mar 6th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion File analysis URL analysis Content analysis URL screenshot
Attachment: PDF with recipient email in link	27d ago Mar 3rd, 2026	Sublime Security	Credential Phishing PDF QR code Encryption Social engineering File analysis QR code analysis URL analysis
Attachment: PDF Object Hash - Encrypted PDFs with fake payment notification	28d ago Mar 2nd, 2026	Sublime Security	Malware/Ransomware PDF Evasion File analysis Threat intelligence
Attachment: Finance themed PDF with observed phishing template	28d ago Mar 2nd, 2026	Sublime Security	Credential Phishing PDF Evasion File analysis Content analysis
Attachment: PDF with multistage landing - ClickUp abuse	1mo ago Feb 27th, 2026	Sublime Security	Credential Phishing Evasion Free file host Free subdomain host PDF Social engineering File analysis URL analysis Whois
Attachment: PDF with ReportLab library and default metadata	1mo ago Feb 27th, 2026	Sublime Security	Credential Phishing PDF Evasion File analysis Exif analysis
Attachment: Encrypted PDF with credential theft body	1mo ago Feb 26th, 2026	Sublime Security	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis
Attachment: QR code with recipient targeting and special characters	1mo ago Feb 21st, 2026	Sublime Security	Credential Phishing QR code Social engineering Evasion File analysis QR code analysis URL analysis Computer Vision
Attachment: QR code with suspicious URL patterns in EML file	1mo ago Feb 21st, 2026	Sublime Security	Credential Phishing QR code Evasion Social engineering Archive analysis File analysis QR code analysis URL analysis