Detection Method: File analysis

File analysis breaks down and inspects file contents, formats, and embedded elements to uncover hidden threats. This method goes beyond basic file attributes, deeply examining the inner structure of files to find potentially malicious content that looks legitimate on the surface.
File analysis helps detect:
  • Malicious macros in Office documents (Word, Excel, PowerPoint)
  • Obfuscated scripts hidden in PDFs or other document types
  • Executable code disguised in non-executable files
  • Hidden text content using encoding or steganography
  • Suspicious metadata or file properties suggesting tampering
Tactics & Techniques (14):
  • Impersonation: Brand
  • Social engineering
  • Free file host
  • Image as content
  • Evasion
  • Out of band pivot
  • PDF
  • QR code
  • Free email provider
  • HTML smuggling
  • Scripting
  • Lookalike domain
  • Macros
  • Exploit
Rules (Rule Name & Severity / Last Updated / Author / Types, Tactics & Capabilities):

Rule: Brand impersonation: Amazon with suspicious attachment
  Last Updated: May 14th, 2025 (9d ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Impersonation: Brand; Social engineering; Computer Vision; File analysis; Header analysis; Natural Language Understanding; Optical Character Recognition; Sender analysis
  Path: /feeds/core/detection-rules/brand-impersonation-amazon-with-suspicious-attachment-5751dcb9

Rule: Brand impersonation: Microsoft with low reputation links
  Last Updated: May 7th, 2025 (16d ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Free file host; Image as content; Impersonation: Brand; Social engineering; Computer Vision; Content analysis; File analysis; Header analysis; Natural Language Understanding; Optical Character Recognition; Sender analysis; URL analysis
  Path: /feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6

Rule: Link: Direct POWR.io Form Builder with Suspicious Patterns
  Last Updated: May 5th, 2025 (18d ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Callback Phishing; Social engineering; File analysis; URL analysis; Content analysis
  Path: /feeds/core/detection-rules/link-direct-powrio-form-builder-with-suspicious-patterns-fd37cc93

Rule: Link: ScreenConnect Installer With Suspicious Relay Domain
  Last Updated: May 2nd, 2025 (21d ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Malware/Ransomware; Evasion; Out of band pivot; Social engineering; URL analysis; File analysis; Content analysis
  Path: /feeds/core/detection-rules/link-screenconnect-installer-with-suspicious-relay-domain-37d21eef

Rule: Attachment: Fake Voicemail via PDF
  Last Updated: Apr 30th, 2025 (23d ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; PDF; QR code; Social engineering; Computer Vision; Content analysis; File analysis; Optical Character Recognition; QR code analysis; URL analysis
  Path: /feeds/core/detection-rules/attachment-fake-voicemail-via-pdf-d3587209

Rule: Callback Phishing: AOL Senders with Suspicious HTML Template or PDF Attachment
  Last Updated: Apr 28th, 2025 (25d ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Callback Phishing; Free email provider; Social engineering; Content analysis; Header analysis; File analysis; HTML analysis; Exif analysis; Sender analysis
  Path: /feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed

Rule: Attachment: Web Files With Suspicious Comments
  Last Updated: Apr 28th, 2025 (25d ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Malware/Ransomware; HTML smuggling; Evasion; File analysis; HTML analysis; Content analysis
  Path: /feeds/core/detection-rules/attachment-web-files-with-suspicious-comments-93061d17

Rule: Attachment: EML with Suspicious Indicators
  Last Updated: Apr 18th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Evasion; HTML smuggling; Social engineering; Content analysis; File analysis
  Path: /feeds/core/detection-rules/attachment-eml-with-suspicious-indicators-deb5d08d

Rule: Attachment: EML with Embedded Javascript in SVG File
  Last Updated: Apr 17th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Malware/Ransomware; Scripting; Evasion; File analysis; Javascript analysis; Sender analysis
  Path: /feeds/core/detection-rules/attachment-eml-with-embedded-javascript-in-svg-file-dfafb78f

Rule: Attachment: Embedded Javascript in SVG file
  Last Updated: Apr 17th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Malware/Ransomware; Scripting; Archive analysis; File analysis; Sender analysis; XML analysis
  Path: /feeds/core/detection-rules/attachment-embedded-javascript-in-svg-file-f70293bc

Rule: Callback Phishing via Calendar Invite
  Last Updated: Apr 14th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Callback Phishing; Social engineering; Evasion; File analysis; Header analysis; Natural Language Understanding; Sender analysis
  Path: /feeds/core/detection-rules/callback-phishing-via-calendar-invite-95c84360

Rule: Attachment: Fake attachment image lure
  Last Updated: Apr 11th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Malware/Ransomware; Evasion; Image as content; Social engineering; File analysis; Natural Language Understanding; Optical Character Recognition
  Path: /feeds/core/detection-rules/attachment-fake-attachment-image-lure-96b8b285

Rule: Attachment: HTML with obfuscation and recipient's email in JavaScript strings
  Last Updated: Apr 10th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; HTML smuggling; Scripting; Archive analysis; File analysis; HTML analysis; Javascript analysis
  Path: /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b

Rule: Brand Impersonation: PayPal
  Last Updated: Apr 10th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Impersonation: Brand; Lookalike domain; Social engineering; Computer Vision; Content analysis; File analysis; Header analysis; Sender analysis
  Path: /feeds/core/detection-rules/brand-impersonation-paypal-a6b2ceee

Rule: HTML smuggling containing recipient email address
  Last Updated: Apr 1st, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Malware/Ransomware; Evasion; HTML smuggling; Scripting; Archive analysis; File analysis; Sender analysis
  Path: /feeds/core/detection-rules/html-smuggling-containing-recipient-email-address-af32ff2f

Rule: Attachment: Suspicious Employee Policy Update Document Lure
  Last Updated: Mar 31st, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; PDF; Social engineering; Evasion; Content analysis; File analysis; Sender analysis
  Path: /feeds/core/detection-rules/attachment-suspicious-employee-policy-update-document-lure-a8bf1fd1

Rule: Attachment: EML file with HTML attachment (unsolicited)
  Last Updated: Mar 28th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Malware/Ransomware; Evasion; HTML smuggling; Content analysis; File analysis; Header analysis; HTML analysis; Sender analysis
  Path: /feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191

Rule: Attachment: Callback Phishing solicitation via pdf file
  Last Updated: Mar 27th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Callback Phishing; Evasion; Free email provider; Out of band pivot; PDF; Social engineering; Exif analysis; File analysis; Optical Character Recognition; Sender analysis
  Path: /feeds/core/detection-rules/attachment-callback-phishing-solicitation-via-pdf-file-ac33f097

Rule: Attachment: QR Code Link With Base64-Encoded Recipient Address
  Last Updated: Mar 27th, 2025 (1mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; QR code; Image as content; Social engineering; Evasion; PDF; Macros; Computer Vision; File analysis; Natural Language Understanding; QR code analysis; Sender analysis
  Path: /feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a

Rule: Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability
  Last Updated: Mar 21st, 2025 (2mo ago)
  Author: Sublime Security
  Types, Tactics & Capabilities: Credential Phishing; Scripting; Macros; Exploit; Archive analysis; Content analysis; File analysis
  Path: /feeds/core/detection-rules/attachment-cve-2025-24071-microsoft-windows-file-explorer-spoofing-vulnerability-2e69fa0b