Sublime Security

Sublime Core Feed
File analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: File analysis
File analysis breaks down and inspects file contents, formats, and embedded elements to uncover hidden threats. This method goes beyond basic file attributes, deeply examining the inner structure of files to find potentially malicious content that looks legitimate on the surface.
File analysis helps detect:
Malicious macros in Office documents (Word, Excel, PowerPoint)
Obfuscated scripts hidden in PDFs or other document types
Executable code disguised in non-executable files
Hidden text content using encoding or steganography
Suspicious metadata or file properties suggesting tampering
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Callback Phishing
Extortion
Spam
Tactics & Techniques (25):
PDF
Social engineering
Evasion
Encryption
QR code
Free file host
Free email provider
HTML smuggling
Macros
Open redirect
Out of band pivot
Image as content
Impersonation: Brand
Free subdomain host
ICS Phishing
Lookalike domain
Scripting
Spoofing
Exploit
Impersonation: VIP
Impersonation: Employee
LNK
OneNote
IPFS
ISO
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: PDF with a suspicious string and single URL
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Attachment: PDF Object Hash associated with fake Canada Revenue Agency documents
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Credential Phishing
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Attachment: Encrypted PDF with credential theft body
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Attachment: PDF file with recipient domain and ATT eCheckRun pattern
7d ago
Jun 16th, 2026
Sublime Security
BEC/Fraud
PDF
Social engineering
File analysis
Content analysis
BEC/Fraud
PDF
Social engineering
File analysis
Content analysis
Attachment: Fake PDF Invoices Yara
7d ago
Jun 16th, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
PDF
Social engineering
Content analysis
File analysis
YARA
Malware/Ransomware
Credential Phishing
PDF
Social engineering
Content analysis
File analysis
YARA
Attachment: JPEG with gd-jpeg creator and suspicious file name
11d ago
Jun 12th, 2026
Sublime Security
Credential Phishing
Evasion
File analysis
Exif analysis
Credential Phishing
Evasion
File analysis
Exif analysis
Attachment: MS OOXML file created by Administrator with zero edit time
11d ago
Jun 12th, 2026
Sublime Security
Malware/Ransomware
Evasion
Exif analysis
File analysis
Malware/Ransomware
Evasion
Exif analysis
File analysis
Attachment: PDF with recipient email in link
13d ago
Jun 10th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Encryption
Social engineering
File analysis
QR code analysis
URL analysis
Credential Phishing
PDF
QR code
Encryption
Social engineering
File analysis
QR code analysis
URL analysis
Attachment: PDF with self-service platform links with self sender or blank recipients
13d ago
Jun 10th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Evasion
Free file host
File analysis
Exif analysis
URL analysis
Sender analysis
BEC/Fraud
Credential Phishing
PDF
Evasion
Free file host
File analysis
Exif analysis
URL analysis
Sender analysis
Attachment: PDF with QR code containing recipient-specific credential theft content
13d ago
Jun 10th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Social engineering
File analysis
Natural Language Understanding
QR code analysis
Content analysis
Credential Phishing
PDF
QR code
Social engineering
File analysis
Natural Language Understanding
QR code analysis
Content analysis
Attachment: PDF with fake invoice using suspicious font sizing
14d ago
Jun 9th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
PDF
Social engineering
File analysis
YARA
Content analysis
BEC/Fraud
Callback Phishing
PDF
Social engineering
File analysis
YARA
Content analysis
Attachment: Encrypted PDF With Credential Harvesting Indicators
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
File analysis
YARA
Credential Phishing
Encryption
Evasion
PDF
File analysis
YARA
Attachment: PDF with blurry lure image
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
PDF
File analysis
YARA
Credential Phishing
PDF
File analysis
YARA
Attachment: Canva PDF with susupicious author metadata
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Free email provider
PDF
Exif analysis
File analysis
BEC/Fraud
Credential Phishing
Free email provider
PDF
Exif analysis
File analysis
Attachment: PDF with eCheckRun lures
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
PDF
File analysis
YARA
Credential Phishing
PDF
File analysis
YARA
Attachment: PDF Object Hash with Blue File Icon
18d ago
Jun 5th, 2026
Sublime Security
Malware/Ransomware
PDF
Evasion
File analysis
Malware/Ransomware
PDF
Evasion
File analysis
Attachment: EML file contains HTML attachment with login portal indicators
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Evasion
HTML smuggling
Content analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Sender analysis
Credential Phishing
Evasion
HTML smuggling
Content analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment with auto-executing macro (unsolicited)
18d ago
Jun 5th, 2026
Sublime Security
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
Open Redirect: Google domain with /url path and suspicious indicators
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Evasion
Open redirect
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Evasion
Open redirect
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
File analysis
Natural Language Understanding
BEC/Fraud
Free email provider
Out of band pivot
Content analysis
File analysis
Natural Language Understanding
Page 1 of 15

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: PDF with a suspicious string and single URL	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion Content analysis File analysis URL analysis Exif analysis
Attachment: PDF Object Hash associated with fake Canada Revenue Agency documents	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Malware/Ransomware PDF Evasion File analysis Threat intelligence
Attachment: Encrypted PDF with credential theft body	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis
Attachment: PDF file with recipient domain and ATT eCheckRun pattern	7d ago Jun 16th, 2026	Sublime Security	BEC/Fraud PDF Social engineering File analysis Content analysis
Attachment: Fake PDF Invoices Yara	7d ago Jun 16th, 2026	Sublime Security	Malware/Ransomware Credential Phishing PDF Social engineering Content analysis File analysis YARA
Attachment: JPEG with gd-jpeg creator and suspicious file name	11d ago Jun 12th, 2026	Sublime Security	Credential Phishing Evasion File analysis Exif analysis
Attachment: MS OOXML file created by Administrator with zero edit time	11d ago Jun 12th, 2026	Sublime Security	Malware/Ransomware Evasion Exif analysis File analysis
Attachment: PDF with recipient email in link	13d ago Jun 10th, 2026	Sublime Security	Credential Phishing PDF QR code Encryption Social engineering File analysis QR code analysis URL analysis
Attachment: PDF with self-service platform links with self sender or blank recipients	13d ago Jun 10th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Evasion Free file host File analysis Exif analysis URL analysis Sender analysis
Attachment: PDF with QR code containing recipient-specific credential theft content	13d ago Jun 10th, 2026	Sublime Security	Credential Phishing PDF QR code Social engineering File analysis Natural Language Understanding QR code analysis Content analysis
Attachment: PDF with fake invoice using suspicious font sizing	14d ago Jun 9th, 2026	Sublime Security	BEC/Fraud Callback Phishing PDF Social engineering File analysis YARA Content analysis
Attachment: Encrypted PDF With Credential Harvesting Indicators	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Encryption Evasion PDF File analysis YARA
Attachment: PDF with blurry lure image	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing PDF File analysis YARA
Attachment: Canva PDF with susupicious author metadata	18d ago Jun 5th, 2026	Sublime Security	BEC/Fraud Credential Phishing Free email provider PDF Exif analysis File analysis
Attachment: PDF with eCheckRun lures	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing PDF File analysis YARA
Attachment: PDF Object Hash with Blue File Icon	18d ago Jun 5th, 2026	Sublime Security	Malware/Ransomware PDF Evasion File analysis
Attachment: EML file contains HTML attachment with login portal indicators	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Javascript analysis Sender analysis
Attachment with auto-executing macro (unsolicited)	18d ago Jun 5th, 2026	Sublime Security	Malware/Ransomware Macros Archive analysis Header analysis File analysis Macro analysis OLE analysis Sender analysis
Open Redirect: Google domain with /url path and suspicious indicators	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Evasion Open redirect Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
BEC/Fraud: Job scam fake thread or plaintext pivot to freemail	18d ago Jun 5th, 2026	Sublime Security	BEC/Fraud Free email provider Out of band pivot Content analysis File analysis Natural Language Understanding