Detection Method: YARA

YARA detection scans email messages, attachments, and extracted content for known malware, phishing patterns, or suspicious code. This detection method uses the YARA pattern matching language, which lets your security team create specific signatures based on known malicious patterns, both textual and binary.
YARA detection can identify:
  • Known malware families based on their distinctive code patterns
  • Obfuscated scripts or executables using encoding techniques
  • Common phishing templates with structural similarities
  • Suspicious binary patterns that may indicate malicious functionality
  • Custom threats targeting specific organizations with tailored YARA rules
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Attachment: PDF with suspicious document view lure
2d ago
Jul 14th, 2026
Sublime Security
Attachment: PDF with quote lure
15d ago
Jul 1st, 2026
Sublime Security
Attachment: PDF with specific W-9 lure
15d ago
Jul 1st, 2026
Sublime Security
Attachment: PDF with W-9 form indicators
20d ago
Jun 26th, 2026
Sublime Security
Attachment: Malicious zip file matching zipline campaign
21d ago
Jun 25th, 2026
Sublime Security
Attachment: DOCX with malicious document template artifacts
21d ago
Jun 25th, 2026
Sublime Security
Attachment: Fake PDF Invoices Yara
30d ago
Jun 16th, 2026
Sublime Security
Attachment: PDF with fake invoice using suspicious font sizing
1mo ago
Jun 9th, 2026
Sublime Security
Attachment: PDF with blurry lure image
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: Encrypted PDF With Credential Harvesting Indicators
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: PDF with eCheckRun lures
1mo ago
Jun 5th, 2026
Sublime Security
Attachment: Adobe Sign lure PDF with embedded banner images
1mo ago
Jun 3rd, 2026
Sublime Security
Attachment with unscannable encrypted zip
2mo ago
Apr 30th, 2026
Sublime Security
Attachment: PDF with suspicious view document characteristics
2mo ago
Apr 23rd, 2026
Sublime Security
Attachment: PDF with CVE-2026-34621 lures
2mo ago
Apr 22nd, 2026
Sublime Security
Attachment: PDF with JSFck obfuscation
2mo ago
Apr 22nd, 2026
Sublime Security
Attachment: PDF with split QR code
3mo ago
Apr 15th, 2026
Sublime Security
Attachment: PDF With SAI Global ISO9001 Logo
3mo ago
Apr 15th, 2026
Sublime Security
Attachment: ZIP file with CVE-2026-0866 exploit
3mo ago
Mar 20th, 2026
Sublime Security
Attachment: PDF contains W9 or invoice YARA signatures
3mo ago
Mar 18th, 2026
Sublime Security