Detection Method: File analysis

File analysis breaks down and inspects file contents, formats, and embedded elements to uncover hidden threats. This method goes beyond basic file attributes, deeply examining the inner structure of files to find potentially malicious content that looks legitimate on the surface.
File analysis helps detect:
  • Malicious macros in Office documents (Word, Excel, PowerPoint)
  • Obfuscated scripts hidden in PDFs or other document types
  • Executable code disguised in non-executable files
  • Hidden text content using encoding or steganography
  • Suspicious metadata or file properties suggesting tampering
| Rule Name & Severity | Last Updated | Author | Link |
|---|---|---|---|
| Link: Microsoft Protected Message with Matching Sender and Recipient Addresses | Jul 2nd, 2025 UTC (11h ago) | Sublime Security | /feeds/core/detection-rules/link-microsoft-protected-message-with-matching-sender-and-recipient-addresses-a5a2f75d |
| Attachment: Suspicious PDF Created With Headless Browser | Jun 30th, 2025 UTC (3d ago) | Sublime Security | /feeds/core/detection-rules/attachment-suspicious-pdf-created-with-headless-browser-8f3108d7 |
| Attachment: Callback Phishing solicitation via text-based file | Jun 26th, 2025 UTC (7d ago) | Sublime Security | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-text-based-file-ca39c83a |
| Attachment: Fake attachment image lure | Jun 25th, 2025 UTC (8d ago) | Sublime Security | /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285 |
| Attachment: Soda PDF Producer with Encryption Themes | Jun 19th, 2025 UTC (14d ago) | Sublime Security | /feeds/core/detection-rules/attachment-soda-pdf-producer-with-encryption-themes-af8eeca4 |
| Attachment: Callback Phishing solicitation via pdf file | Jun 18th, 2025 UTC (15d ago) | Sublime Security | /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097 |
| Callback Phishing solicitation in message body | Jun 16th, 2025 UTC (17d ago) | Sublime Security | /feeds/core/detection-rules/callback-phishing-solicitation-in-message-body-10a3a446 |
| Suspicious invoice reference with missing or image-only attachments | Jun 16th, 2025 UTC (17d ago) | Sublime Security | /feeds/core/detection-rules/suspicious-invoice-reference-with-missing-or-image-only-attachments-466c1680 |
| Brand impersonation: Microsoft quarantine release notification in body | Jun 16th, 2025 UTC (17d ago) | Sublime Security | /feeds/core/detection-rules/brand-impersonation-microsoft-quarantine-release-notification-in-body-6d19527c |
| Attachment: Macro Files Containing MHT Content | Jun 12th, 2025 UTC (21d ago) | Sublime Security | /feeds/core/detection-rules/attachment-macro-files-containing-mht-content-4d54e40b |
| Brand impersonation: Sharepoint | Jun 12th, 2025 UTC (21d ago) | Sublime Security | /feeds/core/detection-rules/brand-impersonation-sharepoint-284b1b70 |
| Attachment: Legal Themed Message with PDF Containing Suspicious Link | Jun 6th, 2025 UTC (27d ago) | Sublime Security | /feeds/core/detection-rules/attachment-legal-themed-message-with-pdf-containing-suspicious-link-19133301 |
| Brand Impersonation: PayPal | Jun 4th, 2025 UTC (29d ago) | Sublime Security | /feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee |
| Encrypted Microsoft Office Files From Untrusted Senders | Jun 4th, 2025 UTC (29d ago) | Sublime Security | /feeds/core/detection-rules/encrypted-microsoft-office-files-from-untrusted-senders-eb7b26e7 |
| Callback Phishing: AOL Senders with Suspicious HTML Template or PDF Attachment | Jun 3rd, 2025 UTC (30d ago) | Sublime Security | /feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed |
| Attachment: HTML smuggling with eval and atob via calendar invite | Jun 3rd, 2025 UTC (30d ago) | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-via-calendar-invite-597c2edd |
| Attachment: HTML smuggling with atob and high entropy via calendar invite | Jun 3rd, 2025 UTC (30d ago) | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-via-calendar-invite-94d84614 |
| Attachment: EML with Suspicious Indicators | Jun 2nd, 2025 UTC (1mo ago) | Sublime Security | /feeds/core/detection-rules/attachment-eml-with-suspicious-indicators-deb5d08d |
| Suspicious attachment with unscannable Cloudflare link | Jun 2nd, 2025 UTC (1mo ago) | Sublime Security | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f |
| Attachment: Embedded Javascript in SVG file | Jun 2nd, 2025 UTC (1mo ago) | Sublime Security | /feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-f70293bc |