Attack Type: Malware/Ransomware

Malware and Ransomware attacks are designed to infect your system through things like fake invoices, password-protected attachments, or files disguised as routine business documents. Once opened, they quietly install malicious software that can steal data, encrypt files, or open the door for more serious threats.
You might see things like macro-enabled Office documents, HTML attachments, or ZIP files that require a password. These are tricks to get around email filters and convince you to interact. Once the malware runs, it can connect to attacker-controlled servers, spread across your network, and even bring in more payloads.
Ransomware is especially damaging. It locks up your files and demands a payment—usually in cryptocurrency—to get them back. Some attackers also steal data and threaten to leak it if the ransom isn’t paid, a tactic known as double extortion. The impact can be severe, including downtime, lost data, financial loss, and reputational damage.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Detecting malicious AnonymousFox email messages sent from compromised sites · Blog · Sublime Security
Detecting malicious AnonymousFox email messages sent from compromised sites · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Tactics & Techniques (24):
Impersonation: Brand
Social engineering
Encryption
Evasion
HTML smuggling
Scripting
LNK
Free email provider
Impersonation: Employee
Spoofing
Open redirect
Image as content
Free file host
Free subdomain host
Exploit
QR code
Macros
PDF
Out of band pivot
IPFS
OneNote
Lookalike domain
Punycode
ISO
Detection Methods (20):
Content analysis
Header analysis
URL analysis
Computer Vision
Archive analysis
File analysis
Javascript analysis
HTML analysis
OLE analysis
Sender analysis
YARA
Natural Language Understanding
QR code analysis
Optical Character Recognition
URL screenshot
XML analysis
Macro analysis
Whois
Exif analysis
Threat intelligence
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Google Drive fake file share
6h ago
Dec 4th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Social engineering
Content analysis
Header analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941
Attachment: HTML smuggling with ROT13
3d ago
Dec 2nd, 2025
@Kyle_Parrish_
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
Javascript analysis
HTML analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-rot13-6eacc4cf
Brand impersonation: Sharepoint fake file share
3d ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Social engineering
Content analysis
Header analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b
Attachment: Encrypted zip file with payment-related lure
10d ago
Nov 25th, 2025
Sublime Security
BEC/Fraud
Malware/Ransomware
Encryption
Evasion
Social engineering
Archive analysis
Content analysis
File analysis
/feeds/core/detection-rules/attachment-encrypted-zip-file-with-payment-related-lure-5d1eb7af
Attachment: OLE external relationship containing file scheme link to executable filetype
11d ago
Nov 24th, 2025
Sublime Security
Malware/Ransomware
Evasion
Archive analysis
Content analysis
OLE analysis
Sender analysis
/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-executable-filetype-33bf6fd4
Attachment: HTML smuggling with base64 encoded ZIP file
15d ago
Nov 20th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-zip-file-47e388de
Link to auto-download of a suspicious file type (unsolicited)
17d ago
Nov 18th, 2025
Sublime Security
Malware/Ransomware
Encryption
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
YARA
/feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152
Link: GoPhish default rid value
23d ago
Nov 12th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
URL analysis
/feeds/core/detection-rules/link-gophish-default-rid-value-6d2b9c8a
VIP Impersonation via Google Group relay with suspicious indicators
23d ago
Nov 12th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Free email provider
Impersonation: Employee
Social engineering
Spoofing
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b
Attachment: 7z Archive Containing RAR File
27d ago
Nov 8th, 2025
Sublime Security
Malware/Ransomware
Evasion
Archive analysis
File analysis
/feeds/core/detection-rules/attachment-7z-archive-containing-rar-file-1a629bb4
Brand impersonation: Paperless Post
29d ago
Nov 6th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Content analysis
Header analysis
HTML analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-paperless-post-e9ec5e09
Headers: Outlook Express mailer
29d ago
Nov 6th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Evasion
Spoofing
Header analysis
/feeds/core/detection-rules/headers-outlook-express-mailer-b7a698de
Attachment: EML with Encrypted ZIP
1mo ago
Nov 4th, 2025
Sublime Security
Malware/Ransomware
Encryption
Evasion
Archive analysis
File analysis
YARA
/feeds/core/detection-rules/attachment-eml-with-encrypted-zip-6897a8f7
Attachment: HTML smuggling with atob and high entropy
1mo ago
Nov 4th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11
HTML smuggling containing recipient email address
1mo ago
Nov 4th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
File analysis
Sender analysis
/feeds/core/detection-rules/html-smuggling-containing-recipient-email-address-af32ff2f
Attachment: HTML file with excessive 'const' declarations and abnormally long timeouts
1mo ago
Nov 3rd, 2025
Sublime Security
Malware/Ransomware
Credential Phishing
HTML smuggling
Scripting
Evasion
HTML analysis
File analysis
Content analysis
/feeds/core/detection-rules/attachment-html-file-with-excessive-const-declarations-and-abnormally-long-timeouts-66f8a07a
Link: Multiple HTTP protocols in single URL
1mo ago
Oct 30th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Content analysis
URL analysis
/feeds/core/detection-rules/link-multiple-http-protocols-in-single-url-92f9d241
Attachment: Any .sap file (unsolicited)
1mo ago
Oct 27th, 2025
Sublime Security
Malware/Ransomware
Evasion
Scripting
File analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/attachment-any-sap-file-unsolicited-220ed3de
Link: Apple App Store malicious ad manager themed apps from free email provider
1mo ago
Oct 17th, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Malware/Ransomware
Free email provider
Social engineering
Evasion
Content analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/link-apple-app-store-malicious-ad-manager-themed-apps-from-free-email-provider-9ce402c6
QR code to auto-download of a suspicious file type (unsolicited)
1mo ago
Oct 17th, 2025
Sublime Security
Malware/Ransomware
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
QR code analysis
/feeds/core/detection-rules/qr-code-to-auto-download-of-a-suspicious-file-type-unsolicited-eed87ea2
Page 1 of 13