Sublime Security

Sublime Core Feed
PDF
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: PDF
Attackers use PDF files to deliver malicious content in a format that most people see as safe. These files often appear to be invoices, contracts, or notifications and can include embedded JavaScript, links, or QR codes that lead to phishing sites or malware downloads.
One common example is a fake DocuSign PDF that asks you to scan a QR code or click a link to view a document. The moment you interact, you're taken to a phishing site designed to steal your credentials or deliver malware.
Because PDFs are trusted and can difficult to inspect, they give attackers a way to hide dangerous content behind a familiar format. That trust, combined with limited scanning by some security tools, gives malicious PDFs a clear path into inboxes and environments.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Callback phishing via invoice abuse and distribution list relays · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Fake invoice used to conduct $16,800 BEC attempt · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Callback Phishing
Extortion
Spam
Detection Methods (17):
Content analysis
File analysis
URL analysis
Exif analysis
Threat Intelligence
Natural Language Understanding
Sender analysis
YARA
QR code analysis
Optical Character Recognition
Computer Vision
URL screenshot
Header analysis
Whois
Archive analysis
HTML analysis
Threat intelligence
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: PDF with a suspicious string and single URL
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Attachment: PDF Object Hash associated with fake Canada Revenue Agency documents
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Credential Phishing
Malware/Ransomware
PDF
Evasion
File analysis
Threat intelligence
Attachment: Encrypted PDF with credential theft body
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Credential Phishing
Encryption
Evasion
PDF
Social engineering
Content analysis
Exif analysis
File analysis
Natural Language Understanding
Sender analysis
Attachment: PDF file with recipient domain and ATT eCheckRun pattern
7d ago
Jun 16th, 2026
Sublime Security
BEC/Fraud
PDF
Social engineering
File analysis
Content analysis
BEC/Fraud
PDF
Social engineering
File analysis
Content analysis
Attachment: Fake PDF Invoices Yara
7d ago
Jun 16th, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
PDF
Social engineering
Content analysis
File analysis
YARA
Malware/Ransomware
Credential Phishing
PDF
Social engineering
Content analysis
File analysis
YARA
Attachment: PDF with recipient email in link
13d ago
Jun 10th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Encryption
Social engineering
File analysis
QR code analysis
URL analysis
Credential Phishing
PDF
QR code
Encryption
Social engineering
File analysis
QR code analysis
URL analysis
Attachment: PDF with QR code containing recipient-specific credential theft content
13d ago
Jun 10th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Social engineering
File analysis
Natural Language Understanding
QR code analysis
Content analysis
Credential Phishing
PDF
QR code
Social engineering
File analysis
Natural Language Understanding
QR code analysis
Content analysis
Attachment: PDF with self-service platform links with self sender or blank recipients
13d ago
Jun 10th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
PDF
Evasion
Free file host
File analysis
Exif analysis
URL analysis
Sender analysis
BEC/Fraud
Credential Phishing
PDF
Evasion
Free file host
File analysis
Exif analysis
URL analysis
Sender analysis
Attachment: PDF with fake invoice using suspicious font sizing
14d ago
Jun 9th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
PDF
Social engineering
File analysis
YARA
Content analysis
BEC/Fraud
Callback Phishing
PDF
Social engineering
File analysis
YARA
Content analysis
Attachment: Encrypted PDF With Credential Harvesting Indicators
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Encryption
Evasion
PDF
File analysis
YARA
Credential Phishing
Encryption
Evasion
PDF
File analysis
YARA
Attachment: PDF with blurry lure image
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
PDF
File analysis
YARA
Credential Phishing
PDF
File analysis
YARA
Attachment: Canva PDF with susupicious author metadata
18d ago
Jun 5th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Free email provider
PDF
Exif analysis
File analysis
BEC/Fraud
Credential Phishing
Free email provider
PDF
Exif analysis
File analysis
Attachment: PDF with eCheckRun lures
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
PDF
File analysis
YARA
Credential Phishing
PDF
File analysis
YARA
Attachment: PDF Object Hash with Blue File Icon
18d ago
Jun 5th, 2026
Sublime Security
Malware/Ransomware
PDF
Evasion
File analysis
Malware/Ransomware
PDF
Evasion
File analysis
Attachment: Callback phishing solicitation via pdf file
18d ago
Jun 5th, 2026
Sublime Security
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
Callback Phishing
Evasion
Free email provider
Out of band pivot
PDF
Social engineering
Exif analysis
File analysis
Optical Character Recognition
Sender analysis
Link: PDF file disguised as HTML page
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
PDF
URL analysis
Content analysis
Credential Phishing
Malware/Ransomware
Evasion
PDF
URL analysis
Content analysis
Attachment: PDF Attachment with links to workers.dev
19d ago
Jun 4th, 2026
Sublime Security
Credential Phishing
PDF
Free subdomain host
Evasion
File analysis
Exif analysis
URL analysis
Credential Phishing
PDF
Free subdomain host
Evasion
File analysis
Exif analysis
URL analysis
Attachment: Adobe Sign lure PDF with embedded banner images
20d ago
Jun 3rd, 2026
Sublime Security
Credential Phishing
PDF
Impersonation: Brand
File analysis
YARA
Credential Phishing
PDF
Impersonation: Brand
File analysis
YARA
Attachment: Microsoft OAuth credential harvesting via EML with embedded malicious links
22d ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Evasion
PDF
File analysis
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Evasion
PDF
File analysis
URL analysis
Content analysis
Brand impersonation: Adobe Acrobat Sign PDF phishing file format template
22d ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
Computer Vision
Optical Character Recognition
File analysis
Credential Phishing
Impersonation: Brand
PDF
Computer Vision
Optical Character Recognition
File analysis
Page 1 of 5

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: PDF with a suspicious string and single URL	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion Content analysis File analysis URL analysis Exif analysis
Attachment: PDF Object Hash associated with fake Canada Revenue Agency documents	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Malware/Ransomware PDF Evasion File analysis Threat intelligence
Attachment: Encrypted PDF with credential theft body	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Encryption Evasion PDF Social engineering Content analysis Exif analysis File analysis Natural Language Understanding Sender analysis
Attachment: PDF file with recipient domain and ATT eCheckRun pattern	7d ago Jun 16th, 2026	Sublime Security	BEC/Fraud PDF Social engineering File analysis Content analysis
Attachment: Fake PDF Invoices Yara	7d ago Jun 16th, 2026	Sublime Security	Malware/Ransomware Credential Phishing PDF Social engineering Content analysis File analysis YARA
Attachment: PDF with recipient email in link	13d ago Jun 10th, 2026	Sublime Security	Credential Phishing PDF QR code Encryption Social engineering File analysis QR code analysis URL analysis
Attachment: PDF with QR code containing recipient-specific credential theft content	13d ago Jun 10th, 2026	Sublime Security	Credential Phishing PDF QR code Social engineering File analysis Natural Language Understanding QR code analysis Content analysis
Attachment: PDF with self-service platform links with self sender or blank recipients	13d ago Jun 10th, 2026	Sublime Security	BEC/Fraud Credential Phishing PDF Evasion Free file host File analysis Exif analysis URL analysis Sender analysis
Attachment: PDF with fake invoice using suspicious font sizing	14d ago Jun 9th, 2026	Sublime Security	BEC/Fraud Callback Phishing PDF Social engineering File analysis YARA Content analysis
Attachment: Encrypted PDF With Credential Harvesting Indicators	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Encryption Evasion PDF File analysis YARA
Attachment: PDF with blurry lure image	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing PDF File analysis YARA
Attachment: Canva PDF with susupicious author metadata	18d ago Jun 5th, 2026	Sublime Security	BEC/Fraud Credential Phishing Free email provider PDF Exif analysis File analysis
Attachment: PDF with eCheckRun lures	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing PDF File analysis YARA
Attachment: PDF Object Hash with Blue File Icon	18d ago Jun 5th, 2026	Sublime Security	Malware/Ransomware PDF Evasion File analysis
Attachment: Callback phishing solicitation via pdf file	18d ago Jun 5th, 2026	Sublime Security	Callback Phishing Evasion Free email provider Out of band pivot PDF Social engineering Exif analysis File analysis Optical Character Recognition Sender analysis
Link: PDF file disguised as HTML page	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion PDF URL analysis Content analysis
Attachment: PDF Attachment with links to workers.dev	19d ago Jun 4th, 2026	Sublime Security	Credential Phishing PDF Free subdomain host Evasion File analysis Exif analysis URL analysis
Attachment: Adobe Sign lure PDF with embedded banner images	20d ago Jun 3rd, 2026	Sublime Security	Credential Phishing PDF Impersonation: Brand File analysis YARA
Attachment: Microsoft OAuth credential harvesting via EML with embedded malicious links	22d ago Jun 1st, 2026	Sublime Security	Credential Phishing Impersonation: Brand Evasion PDF File analysis URL analysis Content analysis
Brand impersonation: Adobe Acrobat Sign PDF phishing file format template	22d ago Jun 1st, 2026	Sublime Security	Credential Phishing Impersonation: Brand PDF Computer Vision Optical Character Recognition File analysis