Tactic or Technique: Scripting

Attackers use scripting languages like JavaScript, VBScript, and PowerShell to run malicious code delivered through phishing emails or compromised websites. These scripts can load hidden content, redirect you to phishing pages, or silently steal data in the background.
To avoid detection, attackers often scramble the code using encryption, compression, or multiple layers of encoding. This makes it harder for both security tools and analysts to understand what the script is doing.
Scripting is flexible and often used to fingerprint your browser, deliver customized payloads, or create a connection to an attacker-controlled server. Once that connection is active, the script can pull down more malware, collect sensitive information, or give an attacker continued access to your device.
Blog Posts
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction · Blog · Sublime Security
Attack Types (4):
Malware/Ransomware
Credential Phishing
BEC/Fraud
Spam
Detection Methods (18):
Archive analysis
File analysis
HTML analysis
Computer Vision
Header analysis
Natural Language Understanding
Sender analysis
Content analysis
Javascript analysis
URL analysis
Threat intelligence
OLE analysis
Exif analysis
Macro analysis
YARA
XML analysis
URL screenshot
Whois
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Attachment: Embedded VBScript in MHT file
16d ago
May 14th, 2026
Sublime Security
Malware/Ransomware
Evasion
Scripting
Archive analysis
File analysis
HTML analysis
Attachment: Microsoft impersonation via PDF with link and suspicious language
16d ago
May 14th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Image as content
Impersonation: Brand
PDF
Scripting
Social engineering
Computer Vision
File analysis
Header analysis
Natural Language Understanding
Sender analysis
Suspected cross-site scripting (XSS) found in subject
26d ago
May 4th, 2026
Sublime Security
Credential Phishing
Evasion
Scripting
Content analysis
Sender analysis
Attachment: HTML smuggling with atob and high entropy via calendar invite
1mo ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
ICS Phishing
Scripting
File analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: HTML smuggling with eval and atob via calendar invite
1mo ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
ICS Phishing
Scripting
File analysis
HTML analysis
Javascript analysis
Attachment: ICS with embedded Javascript in SVG file
1mo ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Scripting
Evasion
ICS Phishing
File analysis
Javascript analysis
Sender analysis
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG
1mo ago
Apr 27th, 2026
Sublime Security
Malware/Ransomware
Evasion
Exploit
HTML smuggling
Scripting
Content analysis
HTML analysis
Sender analysis
Attachment: File execution via Javascript
1mo ago
Apr 27th, 2026
Sublime Security
Malware/Ransomware
Evasion
Scripting
Archive analysis
File analysis
Javascript analysis
Sender analysis
Attachment: Double base64-encoded zip file in HTML smuggling attachment
1mo ago
Apr 27th, 2026
@ajpc500
Malware/Ransomware
Credential Phishing
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Sender analysis
Link: Landing page with search-ms protocol redirect
1mo ago
Apr 7th, 2026
Sublime Security
Malware/Ransomware
Evasion
Scripting
URL analysis
Threat intelligence
Link: JavaScript obfuscation with Telegram bot integration
3mo ago
Feb 25th, 2026
Sublime Security
Credential Phishing
Evasion
Scripting
Content analysis
Javascript analysis
URL analysis
Attachment: cmd file extension
3mo ago
Feb 9th, 2026
Sublime Security
Malware/Ransomware
Scripting
Archive analysis
File analysis
Attachment: HTML attachment with login portal indicators
4mo ago
Jan 12th, 2026
@ajpc500
Credential Phishing
HTML smuggling
Scripting
Archive analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: EML containing a base64 encoded script
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Evasion
HTML smuggling
Scripting
Social engineering
File analysis
HTML analysis
Sender analysis
Attachment: Encrypted Microsoft Office file (unsolicited)
4mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Attachment: HTML file contains exclusively Javascript
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
File analysis
Attachment: HTML smuggling with atob and high entropy
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
Attachment: HTML smuggling with auto-downloaded file
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
Attachment: HTML smuggling 'body onload' linking to suspicious destination
4mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
URL analysis
Attachment: HTML smuggling with concatenation obfuscation
4mo ago
Jan 12th, 2026
@vector_sec
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Page 1 of 4