Sublime Security

Sublime Core Feed
Free file host
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Free file host
Phishing attacks often use trusted file-sharing platforms like Google Drive, OneDrive, or Dropbox to deliver malicious content. Instead of attaching malware directly to an email, they send a link to a hosted file that contains a phishing page, ransomware, or another type of malicious payload.
Because these services are widely used and trusted, the links don’t always look suspicious—and many security tools allow them by default. Encrypted connections make it harder to inspect the content, and the familiar branding gives the message an added layer of credibility.
This tactic is effective because it blends in with everyday workflows. A file share link feels normal, especially if it’s framed as a contract, invoice, or shared HR document. That’s why it often gets past both technical defenses and human intuition. Without cloud-aware security controls or strong user training, it’s easy for one click to lead to compromise.
Blog Posts
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Attack Types (6):
BEC/Fraud
Credential Phishing
Malware/Ransomware
Callback Phishing
Spam
Extortion
Detection Methods (15):
Content analysis
URL analysis
Whois
Computer Vision
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
File analysis
Exif analysis
Threat intelligence
Archive analysis
URL screenshot
HTML analysis
Javascript analysis
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Link: Tax document lure Portuguese/Spanish with suspicious domains
6d ago
Apr 14th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
Cloud storage impersonation with credential theft indicators
11d ago
Apr 9th, 2026
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Service abuse: GitHub notification with excessive mentions and suspicious links
13d ago
Apr 7th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Header analysis
URL analysis
Sender analysis
Whois
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Header analysis
URL analysis
Sender analysis
Whois
Link: Personalized URL with recipient address on commonly abused web service
19d ago
Apr 1st, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Social engineering
URL analysis
Header analysis
Credential Phishing
Malware/Ransomware
Free file host
Social engineering
URL analysis
Header analysis
Attachment: ICS file with AWS Lambda URL
19d ago
Apr 1st, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Content analysis
File analysis
URL analysis
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Content analysis
File analysis
URL analysis
Service abuse: Behance document sharing with suspicious language
24d ago
Mar 27th, 2026
Sublime Security
Credential Phishing
Free file host
Social engineering
Content analysis
URL analysis
Credential Phishing
Free file host
Social engineering
Content analysis
URL analysis
Attachment: PDF bid/proposal lure with credential theft indicators
24d ago
Mar 27th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Social engineering
Free file host
Free subdomain host
File analysis
Content analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
Exif analysis
BEC/Fraud
Credential Phishing
PDF
Social engineering
Free file host
Free subdomain host
File analysis
Content analysis
Optical Character Recognition
Natural Language Understanding
URL analysis
Exif analysis
Link: Financial account issue with suspicious indicators
27d ago
Mar 24th, 2026
Sublime Security
Credential Phishing
Free file host
Free subdomain host
Social engineering
Content analysis
Natural Language Understanding
URL analysis
Whois
Credential Phishing
Free file host
Free subdomain host
Social engineering
Content analysis
Natural Language Understanding
URL analysis
Whois
Link: Free file hosting with undisclosed recipients
1mo ago
Mar 19th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Evasion
Header analysis
URL analysis
Sender analysis
Natural Language Understanding
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Evasion
Header analysis
URL analysis
Sender analysis
Natural Language Understanding
Link: Suspicious SharePoint document name
1mo ago
Mar 17th, 2026
Sublime Security
Credential Phishing
Free file host
Evasion
Content analysis
Credential Phishing
Free file host
Evasion
Content analysis
Service abuse: Google OAuth with suspicious redirect destination
1mo ago
Mar 12th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
Open redirect
Social engineering
URL analysis
Threat intelligence
Credential Phishing
Evasion
Free file host
Free subdomain host
Open redirect
Social engineering
URL analysis
Threat intelligence
Link: Commonly Abused Web Service redirecting to ZIP file
1mo ago
Mar 10th, 2026
Sublime Security
Malware/Ransomware
Free file host
Free subdomain host
Open redirect
Evasion
URL analysis
Whois
Archive analysis
Malware/Ransomware
Free file host
Free subdomain host
Open redirect
Evasion
URL analysis
Whois
Archive analysis
Link: Figma design deck with credential theft language
1mo ago
Mar 4th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Social engineering
Natural Language Understanding
Computer Vision
Optical Character Recognition
URL analysis
URL screenshot
Sender analysis
Credential Phishing
Evasion
Free file host
Social engineering
Natural Language Understanding
Computer Vision
Optical Character Recognition
URL analysis
URL screenshot
Sender analysis
Service abuse: DocSend share from an unsolicited reply-to address
1mo ago
Mar 4th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Social engineering
Content analysis
Header analysis
Sender analysis
Credential Phishing
Evasion
Free file host
Social engineering
Content analysis
Header analysis
Sender analysis
Link: SharePoint OneNote or PDF link with self sender behavior
1mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
OneNote
PDF
Header analysis
URL analysis
Sender analysis
Credential Phishing
Evasion
Free file host
OneNote
PDF
Header analysis
URL analysis
Sender analysis
Link: Multistage landing - ClickUp abuse
1mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
URL analysis
Whois
Content analysis
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
URL analysis
Whois
Content analysis
Attachment: PDF with multistage landing - ClickUp abuse
1mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
PDF
Social engineering
File analysis
URL analysis
Whois
Credential Phishing
Evasion
Free file host
Free subdomain host
PDF
Social engineering
File analysis
URL analysis
Whois
Link: URL redirecting to blob URL
1mo ago
Feb 24th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Open redirect
Sender analysis
URL analysis
Threat intelligence
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Open redirect
Sender analysis
URL analysis
Threat intelligence
File sharing link with a suspicious subject
2mo ago
Feb 17th, 2026
Sublime Security
BEC/Fraud
Free file host
Social engineering
Header analysis
Sender analysis
URL analysis
BEC/Fraud
Free file host
Social engineering
Header analysis
Sender analysis
URL analysis
File sharing link from suspicious sender domain
2mo ago
Feb 13th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Free file host
Sender analysis
URL analysis
Page 1 of 5

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Link: Tax document lure Portuguese/Spanish with suspicious domains	6d ago Apr 14th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Free file host Free subdomain host Social engineering Content analysis URL analysis Whois
Cloud storage impersonation with credential theft indicators	11d ago Apr 9th, 2026	Sublime Security	Credential Phishing Free file host Image as content Impersonation: Brand Social engineering Computer Vision Content analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis
Service abuse: GitHub notification with excessive mentions and suspicious links	13d ago Apr 7th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Free file host Free subdomain host Social engineering Header analysis URL analysis Sender analysis Whois
Link: Personalized URL with recipient address on commonly abused web service	19d ago Apr 1st, 2026	Sublime Security	Credential Phishing Malware/Ransomware Free file host Social engineering URL analysis Header analysis
Attachment: ICS file with AWS Lambda URL	19d ago Apr 1st, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host Content analysis File analysis URL analysis
Service abuse: Behance document sharing with suspicious language	24d ago Mar 27th, 2026	Sublime Security	Credential Phishing Free file host Social engineering Content analysis URL analysis
Attachment: PDF bid/proposal lure with credential theft indicators	24d ago Mar 27th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Social engineering Free file host Free subdomain host File analysis Content analysis Optical Character Recognition Natural Language Understanding URL analysis Exif analysis
Link: Financial account issue with suspicious indicators	27d ago Mar 24th, 2026	Sublime Security	Credential Phishing Free file host Free subdomain host Social engineering Content analysis Natural Language Understanding URL analysis Whois
Link: Free file hosting with undisclosed recipients	1mo ago Mar 19th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Free file host Free subdomain host Evasion Header analysis URL analysis Sender analysis Natural Language Understanding
Link: Suspicious SharePoint document name	1mo ago Mar 17th, 2026	Sublime Security	Credential Phishing Free file host Evasion Content analysis
Service abuse: Google OAuth with suspicious redirect destination	1mo ago Mar 12th, 2026	Sublime Security	Credential Phishing Evasion Free file host Free subdomain host Open redirect Social engineering URL analysis Threat intelligence
Link: Commonly Abused Web Service redirecting to ZIP file	1mo ago Mar 10th, 2026	Sublime Security	Malware/Ransomware Free file host Free subdomain host Open redirect Evasion URL analysis Whois Archive analysis
Link: Figma design deck with credential theft language	1mo ago Mar 4th, 2026	Sublime Security	Credential Phishing Evasion Free file host Social engineering Natural Language Understanding Computer Vision Optical Character Recognition URL analysis URL screenshot Sender analysis
Service abuse: DocSend share from an unsolicited reply-to address	1mo ago Mar 4th, 2026	Sublime Security	Credential Phishing Evasion Free file host Social engineering Content analysis Header analysis Sender analysis
Link: SharePoint OneNote or PDF link with self sender behavior	1mo ago Feb 27th, 2026	Sublime Security	Credential Phishing Evasion Free file host OneNote PDF Header analysis URL analysis Sender analysis
Link: Multistage landing - ClickUp abuse	1mo ago Feb 27th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host Free subdomain host Open redirect URL analysis Whois Content analysis
Attachment: PDF with multistage landing - ClickUp abuse	1mo ago Feb 27th, 2026	Sublime Security	Credential Phishing Evasion Free file host Free subdomain host PDF Social engineering File analysis URL analysis Whois
Link: URL redirecting to blob URL	1mo ago Feb 24th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host Open redirect Sender analysis URL analysis Threat intelligence
File sharing link with a suspicious subject	2mo ago Feb 17th, 2026	Sublime Security	BEC/Fraud Free file host Social engineering Header analysis Sender analysis URL analysis
File sharing link from suspicious sender domain	2mo ago Feb 13th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Free file host Sender analysis URL analysis