- Malware/Ransomware
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Attack Type: Malware/Ransomware
Malware and Ransomware attacks are designed to infect your system through things like fake invoices, password-protected attachments, or files disguised as routine business documents. Once opened, they quietly install malicious software that can steal data, encrypt files, or open the door for more serious threats.
You might see things like macro-enabled Office documents, HTML attachments, or ZIP files that require a password. These are tricks to get around email filters and convince you to interact. Once the malware runs, it can connect to attacker-controlled servers, spread across your network, and even bring in more payloads.
Ransomware is especially damaging. It locks up your files and demands a payment—usually in cryptocurrency—to get them back. Some attackers also steal data and threaten to leak it if the ransom isn’t paid, a tactic known as double extortion. The impact can be severe, including downtime, lost data, financial loss, and reputational damage.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Detecting malicious AnonymousFox email messages sent from compromised sites · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Tactics & Techniques (24):
Detection Methods (20):
File analysis
YARA
Exif analysis
URL analysis
Content analysis
Sender analysis
Header analysis
Computer Vision
Archive analysis
Javascript analysis
HTML analysis
QR code analysis
Threat intelligence
OLE analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
XML analysis
Whois
URL screenshot
Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | |
|---|---|---|---|---|
Attachment: Password-protected PDF with fake document indicators | 2d ago Jan 21st, 2026 | Sublime Security | /feeds/core/detection-rules/attachment-password-protected-pdf-with-fake-document-indicators-b45e4440 | |
Link: Excessive URL rewrite encoders | 2d ago Jan 21st, 2026 | Sublime Security | /feeds/core/detection-rules/link-excessive-url-rewrite-encoders-b88e53a7 | |
Link to Google Apps Script macro via comment tagging | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/link-to-google-apps-script-macro-via-comment-tagging-66fecd30 | |
Suspicious Links to Cloudflare R2 and Edge Services | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/suspicious-links-to-cloudflare-r2-and-edge-services-5dd3e5c8 | |
Open redirect: tkqlhce.com | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-tkqlhcecom-44eef073 | |
Brand impersonation: Sharepoint fake file share | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b | |
Open redirect: Medium | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-medium-18c6aa1b | |
Open redirect: Nested Doubleclick.net | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-nested-doubleclicknet-bbed5cc6 | |
Open redirect: obunsha.co.jp | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-obunshacojp-e972dacf | |
Open redirect: Panera Bread | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-panera-bread-91a726a2 | |
Open redirect: phoenixartstudio.net | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-phoenixartstudionet-7b83c3ab | |
Open redirect: PremierBet | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-premierbet-0ad17224 | |
Open redirect: qrxtech.com | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-qrxtechcom-b790552a | |
Open redirect: radiopublic.com | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-radiopubliccom-2cb3f7a0 | |
Open redirect: retailrocket.net | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-retailrocketnet-0e00e7cb | |
Open redirect: ringaraja.net | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-ringarajanet-4d9594f4 | |
Open redirect: sciencebuddies.org | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-sciencebuddiesorg-019317d4 | |
Open redirect: secondstreetapp.com | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-secondstreetappcom-6767888d | |
Open redirect: shoppermeet.net | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-shoppermeetnet-fe105c91 | |
Open redirect: Slack | 11d ago Jan 12th, 2026 | Sublime Security | /feeds/core/detection-rules/open-redirect-slack-1b15f4a3 |
Page 1 of 14