Sublime Security

Sublime Core Feed
File analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: File analysis
File analysis breaks down and inspects file contents, formats, and embedded elements to uncover hidden threats. This method goes beyond basic file attributes, deeply examining the inner structure of files to find potentially malicious content that looks legitimate on the surface.
File analysis helps detect:
Malicious macros in Office documents (Word, Excel, PowerPoint)
Obfuscated scripts hidden in PDFs or other document types
Executable code disguised in non-executable files
Hidden text content using encoding or steganography
Suspicious metadata or file properties suggesting tampering
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (6):
Malware/Ransomware
Credential Phishing
Callback Phishing
BEC/Fraud
Extortion
Spam
Tactics & Techniques (25):
QR code
Image as content
Evasion
PDF
Impersonation: Brand
Lookalike domain
Social engineering
ICS Phishing
Free email provider
Encryption
Macros
Open redirect
Free file host
Spoofing
Scripting
HTML smuggling
Out of band pivot
Free subdomain host
Exploit
Impersonation: VIP
LNK
OneNote
Impersonation: Employee
IPFS
ISO
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: SVG files with evasion elements
1d ago
May 8th, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
Attachment: Suspicious PDF created with headless browser
2d ago
May 7th, 2026
Sublime Security
Credential Phishing
Evasion
PDF
Content analysis
Exif analysis
File analysis
Optical Character Recognition
Credential Phishing
Evasion
PDF
Content analysis
Exif analysis
File analysis
Optical Character Recognition
Brand Impersonation: PayPal
2d ago
May 7th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Callback phishing via calendar invite
3d ago
May 6th, 2026
Sublime Security
Callback Phishing
Social engineering
Evasion
ICS Phishing
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Callback Phishing
Social engineering
Evasion
ICS Phishing
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Callback phishing via Google Group abuse
5d ago
May 4th, 2026
Sublime Security
Callback Phishing
Free email provider
Impersonation: Brand
Social engineering
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Callback Phishing
Free email provider
Impersonation: Brand
Social engineering
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Callback phishing: AOL senders with suspicious HTML template or PDF attachment
5d ago
May 4th, 2026
Sublime Security
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
Brand impersonation: SharePoint PDF attachment with credential theft language
5d ago
May 4th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
PDF
Evasion
Computer Vision
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Header analysis
Whois
Credential Phishing
Impersonation: Brand
Social engineering
PDF
Evasion
Computer Vision
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Header analysis
Whois
Brand impersonation: Sharepoint
5d ago
May 4th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Sender analysis
Attachment: PDF with suspicious HeadlessChrome metadata
8d ago
May 1st, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
PDF
File analysis
Exif analysis
Credential Phishing
Malware/Ransomware
Evasion
PDF
File analysis
Exif analysis
Attachment with unscannable encrypted zip
9d ago
Apr 30th, 2026
Sublime Security
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
YARA
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
YARA
Attachment: QR code with userinfo portion
9d ago
Apr 30th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
QR code
QR code analysis
File analysis
Sender analysis
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
QR code
QR code analysis
File analysis
Sender analysis
Attachment: Fake voicemail via PDF
9d ago
Apr 30th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Social engineering
Computer Vision
Content analysis
File analysis
Optical Character Recognition
QR code analysis
URL analysis
Credential Phishing
PDF
QR code
Social engineering
Computer Vision
Content analysis
File analysis
Optical Character Recognition
QR code analysis
URL analysis
Adobe branded PDF file linking to a password-protected file from untrusted sender
10d ago
Apr 29th, 2026
Sublime Security
Malware/Ransomware
Encryption
Evasion
Impersonation: Brand
PDF
Archive analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Malware/Ransomware
Encryption
Evasion
Impersonation: Brand
PDF
Archive analysis
File analysis
Natural Language Understanding
Optical Character Recognition
Attachment: Decoy PDF author (Julie P.)
10d ago
Apr 29th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
File analysis
Content analysis
Credential Phishing
Impersonation: Brand
PDF
File analysis
Content analysis
Attachment: QR code link with base64-encoded recipient address
10d ago
Apr 29th, 2026
Sublime Security
Credential Phishing
QR code
Image as content
Social engineering
Evasion
PDF
Macros
Computer Vision
File analysis
Natural Language Understanding
QR code analysis
Sender analysis
Credential Phishing
QR code
Image as content
Social engineering
Evasion
PDF
Macros
Computer Vision
File analysis
Natural Language Understanding
QR code analysis
Sender analysis
MalwareBazaar: Malicious attachment hash in archive (trusted reporters)
10d ago
Apr 29th, 2026
Sublime Security
Malware/Ransomware
Evasion
Archive analysis
File analysis
Sender analysis
Threat intelligence
Malware/Ransomware
Evasion
Archive analysis
File analysis
Sender analysis
Threat intelligence
Attachment: Link to Doubleclick.net open redirect
10d ago
Apr 29th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Open redirect
Social engineering
Content analysis
File analysis
URL analysis
BEC/Fraud
Credential Phishing
Evasion
Open redirect
Social engineering
Content analysis
File analysis
URL analysis
Attachment: ICS file with AWS Lambda URL
11d ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
ICS Phishing
Content analysis
File analysis
URL analysis
Credential Phishing
Malware/Ransomware
Evasion
Free file host
ICS Phishing
Content analysis
File analysis
URL analysis
Non-RFC compliant calendar files from unsolicited sender
11d ago
Apr 28th, 2026
Sublime Security
Evasion
ICS Phishing
Social engineering
Archive analysis
Content analysis
File analysis
Sender analysis
Evasion
ICS Phishing
Social engineering
Archive analysis
Content analysis
File analysis
Sender analysis
Attachment: ICS with embedded document
11d ago
Apr 28th, 2026
Sublime Security
Malware/Ransomware
Evasion
ICS Phishing
File analysis
Malware/Ransomware
Evasion
ICS Phishing
File analysis
Page 1 of 14

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: SVG files with evasion elements	1d ago May 8th, 2026	Sublime Security	Malware/Ransomware Credential Phishing QR code Image as content Evasion File analysis XML analysis QR code analysis Sender analysis
Attachment: Suspicious PDF created with headless browser	2d ago May 7th, 2026	Sublime Security	Credential Phishing Evasion PDF Content analysis Exif analysis File analysis Optical Character Recognition
Brand Impersonation: PayPal	2d ago May 7th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis
Callback phishing via calendar invite	3d ago May 6th, 2026	Sublime Security	Callback Phishing Social engineering Evasion ICS Phishing File analysis Header analysis Natural Language Understanding Sender analysis
Callback phishing via Google Group abuse	5d ago May 4th, 2026	Sublime Security	Callback Phishing Free email provider Impersonation: Brand Social engineering File analysis Natural Language Understanding Optical Character Recognition Sender analysis
Callback phishing: AOL senders with suspicious HTML template or PDF attachment	5d ago May 4th, 2026	Sublime Security	Callback Phishing Free email provider Social engineering Content analysis Header analysis File analysis HTML analysis Exif analysis Sender analysis
Brand impersonation: SharePoint PDF attachment with credential theft language	5d ago May 4th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering PDF Evasion Computer Vision File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis Header analysis Whois
Brand impersonation: Sharepoint	5d ago May 4th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Sender analysis
Attachment: PDF with suspicious HeadlessChrome metadata	8d ago May 1st, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion PDF File analysis Exif analysis
Attachment with unscannable encrypted zip	9d ago Apr 30th, 2026	Sublime Security	Malware/Ransomware Encryption Evasion Archive analysis File analysis YARA
Attachment: QR code with userinfo portion	9d ago Apr 30th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Image as content PDF QR code QR code analysis File analysis Sender analysis
Attachment: Fake voicemail via PDF	9d ago Apr 30th, 2026	Sublime Security	Credential Phishing PDF QR code Social engineering Computer Vision Content analysis File analysis Optical Character Recognition QR code analysis URL analysis
Adobe branded PDF file linking to a password-protected file from untrusted sender	10d ago Apr 29th, 2026	Sublime Security	Malware/Ransomware Encryption Evasion Impersonation: Brand PDF Archive analysis File analysis Natural Language Understanding Optical Character Recognition
Attachment: Decoy PDF author (Julie P.)	10d ago Apr 29th, 2026	Sublime Security	Credential Phishing Impersonation: Brand PDF File analysis Content analysis
Attachment: QR code link with base64-encoded recipient address	10d ago Apr 29th, 2026	Sublime Security	Credential Phishing QR code Image as content Social engineering Evasion PDF Macros Computer Vision File analysis Natural Language Understanding QR code analysis Sender analysis
MalwareBazaar: Malicious attachment hash in archive (trusted reporters)	10d ago Apr 29th, 2026	Sublime Security	Malware/Ransomware Evasion Archive analysis File analysis Sender analysis Threat intelligence
Attachment: Link to Doubleclick.net open redirect	10d ago Apr 29th, 2026	Sublime Security	BEC/Fraud Credential Phishing Evasion Open redirect Social engineering Content analysis File analysis URL analysis
Attachment: ICS file with AWS Lambda URL	11d ago Apr 28th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host ICS Phishing Content analysis File analysis URL analysis
Non-RFC compliant calendar files from unsolicited sender	11d ago Apr 28th, 2026	Sublime Security	Evasion ICS Phishing Social engineering Archive analysis Content analysis File analysis Sender analysis
Attachment: ICS with embedded document	11d ago Apr 28th, 2026	Sublime Security	Malware/Ransomware Evasion ICS Phishing File analysis