Detection Method: Threat intelligence

Threat intelligence uses data feeds and insights about known and emerging phishing threats to give you proactive protection against attackers. This method taps into massive databases of indicators of compromise (IoCs), helping your security systems recognize patterns, techniques, and infrastructure that have been seen in past attacks.
Threat intelligence can help you identify:
  • Domains and URLs linked to previous phishing campaigns
  • File hashes associated with known malware samples
  • IP addresses connected to command and control servers
  • Email patterns that match identified threat actors
  • Emerging threats based on recently observed attack tactics
For example, when a new phishing campaign targeting a specific industry is discovered, threat intelligence feeds can share the indicators of that campaign, so you can block similar attempts before they even reach your users.
MalwareBazaar: Malicious attachment hash in archive (trusted reporters)
  • Last Updated: Jul 16th, 2025 UTC (2d ago)
  • Author: Sublime Security
  • Types, Tactics & Capabilities: Malware/Ransomware, Evasion, Archive analysis, File analysis, Sender analysis, Threat intelligence
  • /feeds/core/detection-rules/malwarebazaar-malicious-attachment-hash-in-archive-trusted-reporters-9d734281

MalwareBazaar: Malicious attachment hash (trusted reporters)
  • Last Updated: Jul 16th, 2025 UTC (2d ago)
  • Author: Sublime Security
  • Types, Tactics & Capabilities: Malware/Ransomware, File analysis, Sender analysis, Threat intelligence
  • /feeds/core/detection-rules/malwarebazaar-malicious-attachment-hash-trusted-reporters-5b5c9c3e

Malware: Pikabot delivery via URL auto-download
  • Last Updated: Apr 25th, 2024 UTC (1y ago)
  • Author: Sublime Security
  • Types, Tactics & Capabilities: Malware/Ransomware, Evasion, Archive analysis, File analysis, Threat intelligence, URL analysis
  • /feeds/core/detection-rules/malware-pikabot-delivery-via-url-auto-download-f4be4572

URLhaus: Malicious domain in message body or pdf attachment (trusted reporters)
  • Last Updated: Nov 18th, 2023 UTC (2y ago)
  • Author: Sublime Security
  • Types, Tactics & Capabilities: Credential Phishing, Malware/Ransomware, PDF, File analysis, Threat intelligence, URL analysis
  • /feeds/core/detection-rules/urlhaus-malicious-domain-in-message-body-or-pdf-attachment-trusted-reporters-cfca2986

Brand impersonation: ukr[.]net
  • Last Updated: Aug 21st, 2023 UTC (2y ago)
  • Author: Sublime Security
  • Types, Tactics & Capabilities: Credential Phishing, Impersonation: Brand, Social engineering, Sender analysis, Threat intelligence
  • /feeds/core/detection-rules/brand-impersonation-ukrnet-3cb4015f