- Malware/Ransomware
Attack Type: Malware/Ransomware
Malware and Ransomware attacks are designed to infect your system through things like fake invoices, password-protected attachments, or files disguised as routine business documents. Once opened, they quietly install malicious software that can steal data, encrypt files, or open the door for more serious threats.
You might see things like macro-enabled Office documents, HTML attachments, or ZIP files that require a password. These are tricks to get around email filters and convince you to interact. Once the malware runs, it can connect to attacker-controlled servers, spread across your network, and even bring in more payloads.
Ransomware is especially damaging. It locks up your files and demands a payment—usually in cryptocurrency—to get them back. Some attackers also steal data and threaten to leak it if the ransom isn’t paid, a tactic known as double extortion. The impact can be severe, including downtime, lost data, financial loss, and reputational damage.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits
Detecting malicious AnonymousFox email messages sent from compromised sites
Abusing Discord to deliver Agent Tesla malware
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques
QR Code Phishing: Decoding Hidden Threats
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction
Tactics & Techniques (11):
Detection Methods (14):
Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | |
|---|---|---|---|---|
Link: Direct Link to keap.app contact-us page | 5h ago May 23rd, 2025 | Sublime Security | /feeds/core/detection-rules/link-direct-link-to-keapapp-contact-us-page-a7a69267 | |
Vendor Compromise: GovDelivery Message With Suspicious Link | 8d ago May 15th, 2025 | Sublime Security | /feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172 | |
Link: ScreenConnect Installer With Suspicious Relay Domain | 21d ago May 2nd, 2025 | Sublime Security | /feeds/core/detection-rules/link-screenconnect-installer-with-suspicious-relay-domain-37d21eef | |
Link: Direct Link to gamma.app Presentation in Present Mode | 23d ago Apr 30th, 2025 | Sublime Security | /feeds/core/detection-rules/link-direct-link-to-gammaapp-presentation-in-present-mode-080ab581 | |
Open Redirect: business.google.com website_shared URL Param | 25d ago Apr 28th, 2025 | Sublime Security | /feeds/core/detection-rules/open-redirect-businessgooglecom-websiteshared-url-param-f146be73 | |
Attachment: Web Files With Suspicious Comments | 25d ago Apr 28th, 2025 | Sublime Security | /feeds/core/detection-rules/attachment-web-files-with-suspicious-comments-93061d17 | |
Open Redirect: adnxs.com | 25d ago Apr 28th, 2025 | Sublime Security | /feeds/core/detection-rules/open-redirect-adnxscom-7fc92916 | |
Attachment: OLE external relationship containing file scheme link to executable filetype | 1mo ago Apr 17th, 2025 | Sublime Security | /feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-executable-filetype-33bf6fd4 | |
Attachment: EML with Embedded Javascript in SVG File | 1mo ago Apr 17th, 2025 | Sublime Security | /feeds/core/detection-rules/attachment-eml-with-embedded-javascript-in-svg-file-dfafb78f | |
Attachment: Embedded Javascript in SVG file | 1mo ago Apr 17th, 2025 | Sublime Security | /feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-f70293bc | |
Open redirect: Linkedin | 1mo ago Apr 15th, 2025 | @xNymia | /feeds/core/detection-rules/open-redirect-linkedin-5ad2ffae | |
Attachment: Fake attachment image lure | 1mo ago Apr 11th, 2025 | Sublime Security | /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285 | |
Brand Impersonation: Vanguard | 1mo ago Apr 11th, 2025 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-vanguard-3bd048fe | |
Open Redirect: whitefox.pl | 1mo ago Apr 2nd, 2025 | Sublime Security | /feeds/core/detection-rules/open-redirect-whitefoxpl-18b74a2a | |
HTML smuggling containing recipient email address | 1mo ago Apr 1st, 2025 | Sublime Security | /feeds/core/detection-rules/html-smuggling-containing-recipient-email-address-af32ff2f | |
Attachment: EML file with HTML attachment (unsolicited) | 1mo ago Mar 28th, 2025 | Sublime Security | /feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191 | |
Brand impersonation: Google Drive fake file share | 2mo ago Mar 21st, 2025 | Sublime Security | /feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941 | |
Open Redirect: labcluster.com | 2mo ago Mar 20th, 2025 | Sublime Security | /feeds/core/detection-rules/open-redirect-labclustercom-d4a65b59 | |
Open Redirect: tkqlhce.com | 2mo ago Mar 20th, 2025 | Sublime Security | /feeds/core/detection-rules/open-redirect-tkqlhcecom-44eef073 | |
Open Redirect: eaoko.org | 2mo ago Mar 18th, 2025 | Sublime Security | /feeds/core/detection-rules/open-redirect-eaokoorg-f8fd9912 |