Sublime Security

Sublime Core Feed
Free file host
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Free file host
Phishing attacks often use trusted file-sharing platforms like Google Drive, OneDrive, or Dropbox to deliver malicious content. Instead of attaching malware directly to an email, they send a link to a hosted file that contains a phishing page, ransomware, or another type of malicious payload.
Because these services are widely used and trusted, the links don’t always look suspicious—and many security tools allow them by default. Encrypted connections make it harder to inspect the content, and the familiar branding gives the message an added layer of credibility.
This tactic is effective because it blends in with everyday workflows. A file share link feels normal, especially if it’s framed as a contract, invoice, or shared HR document. That’s why it often gets past both technical defenses and human intuition. Without cloud-aware security controls or strong user training, it’s easy for one click to lead to compromise.
Blog Posts
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Attack Types (6):
Credential Phishing
BEC/Fraud
Malware/Ransomware
Spam
Callback Phishing
Extortion
Detection Methods (16):
Content analysis
Header analysis
Sender analysis
Computer Vision
Optical Character Recognition
URL analysis
HTML analysis
File analysis
Exif analysis
Natural Language Understanding
Threat intelligence
QR code analysis
Whois
Archive analysis
URL screenshot
Javascript analysis
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Service abuse: DocSend share from an unsolicited reply-to address
5d ago
Jun 18th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Social engineering
Content analysis
Header analysis
Sender analysis
Credential Phishing
Evasion
Free file host
Social engineering
Content analysis
Header analysis
Sender analysis
Brand impersonation: Fake Fax
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Impersonation: Fake product discount promotion
7d ago
Jun 16th, 2026
Sublime Security
BEC/Fraud
Social engineering
Free file host
Content analysis
HTML analysis
URL analysis
BEC/Fraud
Social engineering
Free file host
Content analysis
HTML analysis
URL analysis
Link: Document sharing invitation template
11d ago
Jun 12th, 2026
Sublime Security
Credential Phishing
Social engineering
Free file host
Content analysis
Credential Phishing
Social engineering
Free file host
Content analysis
Attachment: PDF with self-service platform links with self sender or blank recipients
13d ago
Jun 10th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Evasion
Free file host
File analysis
Exif analysis
URL analysis
Sender analysis
BEC/Fraud
Credential Phishing
PDF
Evasion
Free file host
File analysis
Exif analysis
URL analysis
Sender analysis
Brand impersonation: Microsoft with low reputation links
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Service abuse: Linode Objects HTML file hosting
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Evasion
URL analysis
Content analysis
Credential Phishing
Malware/Ransomware
Free file host
Evasion
URL analysis
Content analysis
Service abuse: Citrix ShareFile impersonation via Outlook plugin
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Free file host
Social engineering
File analysis
Content analysis
BEC/Fraud
Credential Phishing
Free file host
Social engineering
File analysis
Content analysis
Service abuse: Google OAuth with suspicious redirect destination
27d ago
May 27th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
Open redirect
Social engineering
URL analysis
Threat intelligence
Credential Phishing
Evasion
Free file host
Free subdomain host
Open redirect
Social engineering
URL analysis
Threat intelligence
Service abuse: Square marketing with suspicious QR code
28d ago
May 26th, 2026
Sublime Security
Credential Phishing
QR code
Free file host
Computer Vision
QR code analysis
Sender analysis
URL analysis
Credential Phishing
QR code
Free file host
Computer Vision
QR code analysis
Sender analysis
URL analysis
Link: Google Cloud Storage with suspicious URL pattern
28d ago
May 26th, 2026
Sublime Security
Credential Phishing
Free file host
Evasion
URL analysis
Credential Phishing
Free file host
Evasion
URL analysis
Link: Google Cloud Storage impersonating with googledrive in URL path
28d ago
May 26th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Free file host
URL analysis
Credential Phishing
Impersonation: Brand
Free file host
URL analysis
Cloud storage impersonation with credential theft indicators
1mo ago
May 12th, 2026
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Service abuse: Dropbox Paper with copy-paste instructions
1mo ago
May 7th, 2026
Sublime Security
Credential Phishing
Social engineering
Free file host
Evasion
Content analysis
URL analysis
Credential Phishing
Social engineering
Free file host
Evasion
Content analysis
URL analysis
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender
1mo ago
Apr 28th, 2026
Sublime Security
Spam
Free email provider
Free file host
ICS Phishing
Open redirect
Social engineering
Content analysis
Sender analysis
URL analysis
Spam
Free email provider
Free file host
ICS Phishing
Open redirect
Social engineering
Content analysis
Sender analysis
URL analysis
Attachment: ICS file with AWS Lambda URL
1mo ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
ICS Phishing
Content analysis
File analysis
URL analysis
Credential Phishing
Malware/Ransomware
Evasion
Free file host
ICS Phishing
Content analysis
File analysis
URL analysis
Attachment: Calendar invite with suspicious link leading to an open redirect
1mo ago
Apr 28th, 2026
Sublime Security
Spam
Free email provider
Free file host
Free subdomain host
ICS Phishing
Open redirect
Content analysis
URL analysis
Spam
Free email provider
Free file host
Free subdomain host
ICS Phishing
Open redirect
Content analysis
URL analysis
Link: Tax document lure Portuguese/Spanish with suspicious domains
2mo ago
Apr 14th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
Service abuse: GitHub notification with excessive mentions and suspicious links
2mo ago
Apr 7th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Header analysis
URL analysis
Sender analysis
Whois
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Header analysis
URL analysis
Sender analysis
Whois
Link: Personalized URL with recipient address on commonly abused web service
2mo ago
Apr 1st, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Social engineering
URL analysis
Header analysis
Credential Phishing
Malware/Ransomware
Free file host
Social engineering
URL analysis
Header analysis
Page 1 of 5

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Service abuse: DocSend share from an unsolicited reply-to address	5d ago Jun 18th, 2026	Sublime Security	Credential Phishing Evasion Free file host Social engineering Content analysis Header analysis Sender analysis
Brand impersonation: Fake Fax	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis
Impersonation: Fake product discount promotion	7d ago Jun 16th, 2026	Sublime Security	BEC/Fraud Social engineering Free file host Content analysis HTML analysis URL analysis
Link: Document sharing invitation template	11d ago Jun 12th, 2026	Sublime Security	Credential Phishing Social engineering Free file host Content analysis
Attachment: PDF with self-service platform links with self sender or blank recipients	13d ago Jun 10th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Evasion Free file host File analysis Exif analysis URL analysis Sender analysis
Brand impersonation: Microsoft with low reputation links	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Service abuse: Linode Objects HTML file hosting	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Free file host Evasion URL analysis Content analysis
Service abuse: Citrix ShareFile impersonation via Outlook plugin	18d ago Jun 5th, 2026	Sublime Security	BEC/Fraud Credential Phishing Free file host Social engineering File analysis Content analysis
Service abuse: Google OAuth with suspicious redirect destination	27d ago May 27th, 2026	Sublime Security	Credential Phishing Evasion Free file host Free subdomain host Open redirect Social engineering URL analysis Threat intelligence
Service abuse: Square marketing with suspicious QR code	28d ago May 26th, 2026	Sublime Security	Credential Phishing QR code Free file host Computer Vision QR code analysis Sender analysis URL analysis
Link: Google Cloud Storage with suspicious URL pattern	28d ago May 26th, 2026	Sublime Security	Credential Phishing Free file host Evasion URL analysis
Link: Google Cloud Storage impersonating with googledrive in URL path	28d ago May 26th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Free file host URL analysis
Cloud storage impersonation with credential theft indicators	1mo ago May 12th, 2026	Sublime Security	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Service abuse: Dropbox Paper with copy-paste instructions	1mo ago May 7th, 2026	Sublime Security	Credential Phishing Social engineering Free file host Evasion Content analysis URL analysis
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender	1mo ago Apr 28th, 2026	Sublime Security	Spam Free email provider Free file host ICS Phishing Open redirect Social engineering Content analysis Sender analysis URL analysis
Attachment: ICS file with AWS Lambda URL	1mo ago Apr 28th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host ICS Phishing Content analysis File analysis URL analysis
Attachment: Calendar invite with suspicious link leading to an open redirect	1mo ago Apr 28th, 2026	Sublime Security	Spam Free email provider Free file host Free subdomain host ICS Phishing Open redirect Content analysis URL analysis
Link: Tax document lure Portuguese/Spanish with suspicious domains	2mo ago Apr 14th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Free file host Free subdomain host Social engineering Content analysis URL analysis Whois
Service abuse: GitHub notification with excessive mentions and suspicious links	2mo ago Apr 7th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Free file host Free subdomain host Social engineering Header analysis URL analysis Sender analysis Whois
Link: Personalized URL with recipient address on commonly abused web service	2mo ago Apr 1st, 2026	Sublime Security	Credential Phishing Malware/Ransomware Free file host Social engineering URL analysis Header analysis