Sublime Security

Sublime Core Feed
File analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: File analysis
File analysis breaks down and inspects file contents, formats, and embedded elements to uncover hidden threats. This method goes beyond basic file attributes, deeply examining the inner structure of files to find potentially malicious content that looks legitimate on the surface.
File analysis helps detect:
Malicious macros in Office documents (Word, Excel, PowerPoint)
Obfuscated scripts hidden in PDFs or other document types
Executable code disguised in non-executable files
Hidden text content using encoding or steganography
Suspicious metadata or file properties suggesting tampering
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Malware/Ransomware
Callback Phishing
BEC/Fraud
Extortion
Spam
Tactics & Techniques (25):
Impersonation: Brand
Evasion
PDF
Open redirect
Social engineering
Lookalike domain
ICS Phishing
QR code
Image as content
HTML smuggling
Scripting
Free email provider
Encryption
Macros
Spoofing
Free file host
Out of band pivot
Free subdomain host
Exploit
Impersonation: VIP
LNK
OneNote
Impersonation: Employee
IPFS
ISO
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: Microsoft OAuth credential harvesting via EML with embedded malicious links
12h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Evasion
PDF
File analysis
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Evasion
PDF
File analysis
URL analysis
Content analysis
Open redirect: Hakumonkai.org
13h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Open redirect
URL analysis
File analysis
Credential Phishing
Open redirect
URL analysis
File analysis
Brand impersonation: Sharepoint
14h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Natural Language Understanding
Sender analysis
Brand impersonation: Adobe Acrobat Sign PDF phishing file format template
14h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
Computer Vision
Optical Character Recognition
File analysis
Credential Phishing
Impersonation: Brand
PDF
Computer Vision
Optical Character Recognition
File analysis
Attachment: PDF with specific author metadata
20h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
PDF
Exif analysis
File analysis
Credential Phishing
PDF
Exif analysis
File analysis
Brand Impersonation: PayPal
21h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Attachment: ICS calendar file with suspicious product identifier
4d ago
May 29th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
ICS Phishing
File analysis
Content analysis
Credential Phishing
Evasion
Social engineering
ICS Phishing
File analysis
Content analysis
Attachment: Compensation-themed DOCX with QR code credential theft
4d ago
May 29th, 2026
Sublime Security
Credential Phishing
QR code
Social engineering
Impersonation: Brand
File analysis
Optical Character Recognition
QR code analysis
Natural Language Understanding
Exif analysis
Content analysis
Credential Phishing
QR code
Social engineering
Impersonation: Brand
File analysis
Optical Character Recognition
QR code analysis
Natural Language Understanding
Exif analysis
Content analysis
Attachment: SVG file with hyperlinks and cursor styling
13d ago
May 20th, 2026
Sublime Security
Credential Phishing
Evasion
Image as content
File analysis
XML analysis
Content analysis
Credential Phishing
Evasion
Image as content
File analysis
XML analysis
Content analysis
Attachment: SVG file with HTML entity encoded href attributes
13d ago
May 20th, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
Evasion
HTML smuggling
File analysis
Content analysis
Malware/Ransomware
Credential Phishing
Evasion
HTML smuggling
File analysis
Content analysis
Attachment: PDF with suspicious link and action-oriented language
15d ago
May 18th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
File analysis
URL analysis
Content analysis
URL screenshot
Credential Phishing
PDF
Social engineering
Evasion
File analysis
URL analysis
Content analysis
URL screenshot
X (Twitter) impersonation with credential phishing motives
18d ago
May 15th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
File analysis
Header analysis
Optical Character Recognition
Natural Language Understanding
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
File analysis
Header analysis
Optical Character Recognition
Natural Language Understanding
Sender analysis
Attachment: Small text file with link containing recipient email address
19d ago
May 14th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
File analysis
URL analysis
Credential Phishing
Evasion
Social engineering
File analysis
URL analysis
Attachment: Embedded VBScript in MHT file
19d ago
May 14th, 2026
Sublime Security
Malware/Ransomware
Evasion
Scripting
Archive analysis
File analysis
HTML analysis
Malware/Ransomware
Evasion
Scripting
Archive analysis
File analysis
HTML analysis
Attachment: Microsoft impersonation via PDF with link and suspicious language
19d ago
May 14th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Image as content
Impersonation: Brand
PDF
Scripting
Social engineering
Computer Vision
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Malware/Ransomware
Image as content
Impersonation: Brand
PDF
Scripting
Social engineering
Computer Vision
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Attachment: PDF with a suspicious string and single URL
20d ago
May 13th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Callback phishing via calendar invite
21d ago
May 12th, 2026
Sublime Security
Callback Phishing
Social engineering
Evasion
ICS Phishing
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Callback Phishing
Social engineering
Evasion
ICS Phishing
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Attachment: ICS calendar file with base64 encoded recipient address in URL parameters
21d ago
May 12th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
ICS Phishing
File analysis
URL analysis
Content analysis
Credential Phishing
Evasion
Social engineering
ICS Phishing
File analysis
URL analysis
Content analysis
Attachment: SVG files with evasion elements
25d ago
May 8th, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
Attachment: Suspicious PDF created with headless browser
26d ago
May 7th, 2026
Sublime Security
Credential Phishing
Evasion
PDF
Content analysis
Exif analysis
File analysis
Optical Character Recognition
Credential Phishing
Evasion
PDF
Content analysis
Exif analysis
File analysis
Optical Character Recognition
Page 1 of 14

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: Microsoft OAuth credential harvesting via EML with embedded malicious links	12h ago Jun 1st, 2026	Sublime Security	Credential Phishing Impersonation: Brand Evasion PDF File analysis URL analysis Content analysis
Open redirect: Hakumonkai.org	13h ago Jun 1st, 2026	Sublime Security	Credential Phishing Open redirect URL analysis File analysis
Brand impersonation: Sharepoint	14h ago Jun 1st, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Natural Language Understanding Sender analysis
Brand impersonation: Adobe Acrobat Sign PDF phishing file format template	14h ago Jun 1st, 2026	Sublime Security	Credential Phishing Impersonation: Brand PDF Computer Vision Optical Character Recognition File analysis
Attachment: PDF with specific author metadata	20h ago Jun 1st, 2026	Sublime Security	Credential Phishing PDF Exif analysis File analysis
Brand Impersonation: PayPal	21h ago Jun 1st, 2026	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis
Attachment: ICS calendar file with suspicious product identifier	4d ago May 29th, 2026	Sublime Security	Credential Phishing Evasion Social engineering ICS Phishing File analysis Content analysis
Attachment: Compensation-themed DOCX with QR code credential theft	4d ago May 29th, 2026	Sublime Security	Credential Phishing QR code Social engineering Impersonation: Brand File analysis Optical Character Recognition QR code analysis Natural Language Understanding Exif analysis Content analysis
Attachment: SVG file with hyperlinks and cursor styling	13d ago May 20th, 2026	Sublime Security	Credential Phishing Evasion Image as content File analysis XML analysis Content analysis
Attachment: SVG file with HTML entity encoded href attributes	13d ago May 20th, 2026	Sublime Security	Malware/Ransomware Credential Phishing Evasion HTML smuggling File analysis Content analysis
Attachment: PDF with suspicious link and action-oriented language	15d ago May 18th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion File analysis URL analysis Content analysis URL screenshot
X (Twitter) impersonation with credential phishing motives	18d ago May 15th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision File analysis Header analysis Optical Character Recognition Natural Language Understanding Sender analysis
Attachment: Small text file with link containing recipient email address	19d ago May 14th, 2026	Sublime Security	Credential Phishing Evasion Social engineering File analysis URL analysis
Attachment: Embedded VBScript in MHT file	19d ago May 14th, 2026	Sublime Security	Malware/Ransomware Evasion Scripting Archive analysis File analysis HTML analysis
Attachment: Microsoft impersonation via PDF with link and suspicious language	19d ago May 14th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Image as content Impersonation: Brand PDF Scripting Social engineering Computer Vision File analysis Header analysis Natural Language Understanding Sender analysis
Attachment: PDF with a suspicious string and single URL	20d ago May 13th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion Content analysis File analysis URL analysis Exif analysis
Callback phishing via calendar invite	21d ago May 12th, 2026	Sublime Security	Callback Phishing Social engineering Evasion ICS Phishing File analysis Header analysis Natural Language Understanding Sender analysis
Attachment: ICS calendar file with base64 encoded recipient address in URL parameters	21d ago May 12th, 2026	Sublime Security	Credential Phishing Evasion Social engineering ICS Phishing File analysis URL analysis Content analysis
Attachment: SVG files with evasion elements	25d ago May 8th, 2026	Sublime Security	Malware/Ransomware Credential Phishing QR code Image as content Evasion File analysis XML analysis QR code analysis Sender analysis
Attachment: Suspicious PDF created with headless browser	26d ago May 7th, 2026	Sublime Security	Credential Phishing Evasion PDF Content analysis Exif analysis File analysis Optical Character Recognition