• Sublime Core Feed
High Severity

Attachment: Malformed OLE file

Labels

Credential Phishing
Malware/Ransomware
Evasion
File analysis
YARA

Description

Attached OLE file (typically a Microsoft Office document) is malformed, possibly to evade traditional scanners and filters.

References

Sublime Security
Created Nov 25th, 2024 • Last updated Nov 25th, 2024
Feed Source
Sublime Core Feed
Source
GitHub
type.inbound
and any(attachments,
        .file_extension in $file_extensions_macros
        and any(file.explode(.),
                any(.scan.yara.matches, .name == "MALFORMED_OLE_HEADER")
        )
)
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.

Get Started
Deploy and integrate a free Sublime instance in minutes.
Get Started