Tactic or Technique: Scripting

Attackers use scripting languages like JavaScript, VBScript, and PowerShell to run malicious code delivered through phishing emails or compromised websites. These scripts can load hidden content, redirect you to phishing pages, or silently steal data in the background.
To avoid detection, attackers often scramble the code using encryption, compression, or multiple layers of encoding. This makes it harder for both security tools and analysts to understand what the script is doing.
Scripting is flexible and often used to fingerprint your browser, deliver customized payloads, or create a connection to an attacker-controlled server. Once that connection is active, the script can pull down more malware, collect sensitive information, or give an attacker continued access to your device.
Blog Posts
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (4):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Spam
Detection Methods (17):
Content analysis
Javascript analysis
URL analysis
Archive analysis
File analysis
Sender analysis
XML analysis
HTML analysis
Macro analysis
OLE analysis
YARA
Exif analysis
Header analysis
Natural Language Understanding
URL screenshot
Whois
Computer Vision
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: JavaScript obfuscation with Telegram bot integration
1mo ago
Feb 25th, 2026
Sublime Security
Credential Phishing
Evasion
Scripting
Content analysis
Javascript analysis
URL analysis
Attachment: cmd file extension
1mo ago
Feb 9th, 2026
Sublime Security
Malware/Ransomware
Scripting
Archive analysis
File analysis
Attachment: ICS with embedded Javascript in SVG file
1mo ago
Jan 29th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Scripting
Evasion
File analysis
Javascript analysis
Sender analysis
Attachment: Embedded Javascript in SVG file
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Scripting
Archive analysis
File analysis
Sender analysis
XML analysis
Attachment: HTML smuggling with ROT13
2mo ago
Jan 12th, 2026
@Kyle_Parrish_
Credential Phishing
Malware/Ransomware
Encryption
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
Javascript analysis
HTML analysis
Attachment: Macro with suspected use of COM ShellBrowserWindow object for process creation
2mo ago
Jan 12th, 2026
@ajpc500
Malware/Ransomware
Macros
Scripting
Content analysis
File analysis
Macro analysis
Attachment: .csproj with suspicious commands
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Evasion
Scripting
File analysis
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Evasion
Exploit
HTML smuggling
Scripting
Content analysis
HTML analysis
Sender analysis
Attachment: HTML smuggling with eval and atob via calendar invite
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
File analysis
HTML analysis
Javascript analysis
Attachment: HTML smuggling with atob and high entropy via calendar invite
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
File analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: EML containing a base64 encoded script
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Evasion
HTML smuggling
Scripting
Social engineering
File analysis
HTML analysis
Sender analysis
Attachment: Encrypted Microsoft Office file (unsolicited)
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Attachment: HTML file contains exclusively Javascript
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
File analysis
Attachment: HTML attachment with login portal indicators
2mo ago
Jan 12th, 2026
@ajpc500
Credential Phishing
HTML smuggling
Scripting
Archive analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: HTML with hidden body
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Evasion
Scripting
Content analysis
HTML analysis
File analysis
Attachment: HTML file with reference to recipient and suspicious patterns
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
HTML smuggling
Scripting
Content analysis
File analysis
HTML analysis
Javascript analysis
YARA
Attachment: HTML smuggling with atob and high entropy
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
Attachment: HTML smuggling with auto-downloaded file
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
Attachment: HTML smuggling 'body onload' linking to suspicious destination
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
URL analysis
Page 1 of 4