Sublime Security

Sublime Core Feed
File analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: File analysis
File analysis breaks down and inspects file contents, formats, and embedded elements to uncover hidden threats. This method goes beyond basic file attributes, deeply examining the inner structure of files to find potentially malicious content that looks legitimate on the surface.
File analysis helps detect:
Malicious macros in Office documents (Word, Excel, PowerPoint)
Obfuscated scripts hidden in PDFs or other document types
Executable code disguised in non-executable files
Hidden text content using encoding or steganography
Suspicious metadata or file properties suggesting tampering
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (6):
Credential Phishing
BEC/Fraud
Malware/Ransomware
Extortion
Spam
Callback Phishing
Tactics & Techniques (24):
QR code
Social engineering
Evasion
Impersonation: Brand
PDF
Spoofing
Encryption
Open redirect
Image as content
Free file host
Lookalike domain
Free subdomain host
Out of band pivot
Exploit
HTML smuggling
Scripting
Macros
Impersonation: VIP
LNK
OneNote
Free email provider
Impersonation: Employee
IPFS
ISO
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: ICS calendar file with QR code containing recipient email address
2d ago
Apr 20th, 2026
Sublime Security
Credential Phishing
QR code
Social engineering
Evasion
File analysis
QR code analysis
URL analysis
Content analysis
Credential Phishing
QR code
Social engineering
Evasion
File analysis
QR code analysis
URL analysis
Content analysis
Attachment: ICS file with links to newly registered domains
2d ago
Apr 20th, 2026
Sublime Security
Credential Phishing
Social engineering
File analysis
URL analysis
Whois
Credential Phishing
Social engineering
File analysis
URL analysis
Whois
Attachment: ICS calendar file with recipient address in UID field
2d ago
Apr 20th, 2026
Sublime Security
Credential Phishing
Social engineering
File analysis
Content analysis
Credential Phishing
Social engineering
File analysis
Content analysis
Attachment: PDF With SAI Global ISO9001 Logo
7d ago
Apr 15th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
File analysis
YARA
Credential Phishing
Impersonation: Brand
PDF
File analysis
YARA
Attachment: PDF with split QR code
7d ago
Apr 15th, 2026
Sublime Security
Credential Phishing
Evasion
PDF
QR code
File analysis
YARA
QR code analysis
Credential Phishing
Evasion
PDF
QR code
File analysis
YARA
QR code analysis
Brand impersonation: Amazon with suspicious attachment
8d ago
Apr 14th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Attachment: Fake voicemail via PDF
8d ago
Apr 14th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Social engineering
Computer Vision
Content analysis
File analysis
Optical Character Recognition
QR code analysis
URL analysis
Credential Phishing
PDF
QR code
Social engineering
Computer Vision
Content analysis
File analysis
Optical Character Recognition
QR code analysis
URL analysis
Attachment: Compensation review lure with QR code
8d ago
Apr 14th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Social engineering
File analysis
Optical Character Recognition
QR code analysis
Natural Language Understanding
Sender analysis
Header analysis
Credential Phishing
PDF
QR code
Social engineering
File analysis
Optical Character Recognition
QR code analysis
Natural Language Understanding
Sender analysis
Header analysis
Attachment: PDF with a suspicious string and single URL
12d ago
Apr 10th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Attachment: PDF with credential theft language and invalid reply-to domain
12d ago
Apr 10th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Spoofing
File analysis
Header analysis
Natural Language Understanding
Content analysis
Credential Phishing
PDF
Social engineering
Spoofing
File analysis
Header analysis
Natural Language Understanding
Content analysis
Attachment: Encrypted PDF with credential theft body
13d ago
Apr 9th, 2026
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Attachment: Calendar invite with Google redirect and invoice request
14d ago
Apr 8th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Open redirect
Social engineering
File analysis
Natural Language Understanding
URL analysis
Credential Phishing
BEC/Fraud
Open redirect
Social engineering
File analysis
Natural Language Understanding
URL analysis
Attachment: Encrypted ZIP containing VHDX file
19d ago
Apr 3rd, 2026
Sublime Security
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
Attachment: Legal themed message or PDF with suspicious indicators
19d ago
Apr 3rd, 2026
Sublime Security
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Attachment: Cold outreach with invitation subject and not attachment
19d ago
Apr 3rd, 2026
Sublime Security
Spam
Social engineering
Image as content
Content analysis
Natural Language Understanding
File analysis
Spam
Social engineering
Image as content
Content analysis
Natural Language Understanding
File analysis
Attachment: ICS file with AWS Lambda URL
21d ago
Apr 1st, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Content analysis
File analysis
URL analysis
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Content analysis
File analysis
URL analysis
Attachment: EML with QR code redirecting to Cloudflare challenges
21d ago
Apr 1st, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
QR code
File analysis
QR code analysis
URL analysis
Archive analysis
Credential Phishing
Malware/Ransomware
Evasion
QR code
File analysis
QR code analysis
URL analysis
Archive analysis
Brand Impersonation: PayPal
23d ago
Mar 30th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Attachment: PDF bid/proposal lure with credential theft indicators
26d ago
Mar 27th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Social engineering
Free file host
Free subdomain host
File analysis
Content analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
Exif analysis
BEC/Fraud
Credential Phishing
PDF
Social engineering
Free file host
Free subdomain host
File analysis
Content analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
Exif analysis
Callback phishing in body or attachment (untrusted sender)
26d ago
Mar 27th, 2026
Sublime Security
Callback Phishing
Out of band pivot
Social engineering
Content analysis
File analysis
Optical Character Recognition
Natural Language Understanding
Sender analysis
Callback Phishing
Out of band pivot
Social engineering
Content analysis
File analysis
Optical Character Recognition
Natural Language Understanding
Sender analysis
Page 1 of 13

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: ICS calendar file with QR code containing recipient email address	2d ago Apr 20th, 2026	Sublime Security	Credential Phishing QR code Social engineering Evasion File analysis QR code analysis URL analysis Content analysis
Attachment: ICS file with links to newly registered domains	2d ago Apr 20th, 2026	Sublime Security	Credential Phishing Social engineering File analysis URL analysis Whois
Attachment: ICS calendar file with recipient address in UID field	2d ago Apr 20th, 2026	Sublime Security	Credential Phishing Social engineering File analysis Content analysis
Attachment: PDF With SAI Global ISO9001 Logo	7d ago Apr 15th, 2026	Sublime Security	Credential Phishing Impersonation: Brand PDF File analysis YARA
Attachment: PDF with split QR code	7d ago Apr 15th, 2026	Sublime Security	Credential Phishing Evasion PDF QR code File analysis YARA QR code analysis
Brand impersonation: Amazon with suspicious attachment	8d ago Apr 14th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Attachment: Fake voicemail via PDF	8d ago Apr 14th, 2026	Sublime Security	Credential Phishing PDF QR code Social engineering Computer Vision Content analysis File analysis Optical Character Recognition QR code analysis URL analysis
Attachment: Compensation review lure with QR code	8d ago Apr 14th, 2026	Sublime Security	Credential Phishing PDF QR code Social engineering File analysis Optical Character Recognition QR code analysis Natural Language Understanding Sender analysis Header analysis
Attachment: PDF with a suspicious string and single URL	12d ago Apr 10th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion Content analysis File analysis URL analysis Exif analysis
Attachment: PDF with credential theft language and invalid reply-to domain	12d ago Apr 10th, 2026	Sublime Security	Credential Phishing PDF Social engineering Spoofing File analysis Header analysis Natural Language Understanding Content analysis
Attachment: Encrypted PDF with credential theft body	13d ago Apr 9th, 2026	Sublime Security	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis
Attachment: Calendar invite with Google redirect and invoice request	14d ago Apr 8th, 2026	Sublime Security	Credential Phishing BEC/Fraud Open redirect Social engineering File analysis Natural Language Understanding URL analysis
Attachment: Encrypted ZIP containing VHDX file	19d ago Apr 3rd, 2026	Sublime Security	Malware/Ransomware Encryption Evasion Archive analysis File analysis
Attachment: Legal themed message or PDF with suspicious indicators	19d ago Apr 3rd, 2026	Sublime Security	Credential Phishing Extortion BEC/Fraud Evasion PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition URL analysis Whois Header analysis Exif analysis
Attachment: Cold outreach with invitation subject and not attachment	19d ago Apr 3rd, 2026	Sublime Security	Spam Social engineering Image as content Content analysis Natural Language Understanding File analysis
Attachment: ICS file with AWS Lambda URL	21d ago Apr 1st, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host Content analysis File analysis URL analysis
Attachment: EML with QR code redirecting to Cloudflare challenges	21d ago Apr 1st, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion QR code File analysis QR code analysis URL analysis Archive analysis
Brand Impersonation: PayPal	23d ago Mar 30th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis
Attachment: PDF bid/proposal lure with credential theft indicators	26d ago Mar 27th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Social engineering Free file host Free subdomain host File analysis Content analysis Optical Character Recognition Natural Language Understanding URL analysis Exif analysis
Callback phishing in body or attachment (untrusted sender)	26d ago Mar 27th, 2026	Sublime Security	Callback Phishing Out of band pivot Social engineering Content analysis File analysis Optical Character Recognition Natural Language Understanding Sender analysis