- Javascript analysis
Detection Method: Javascript analysis
JavaScript analysis inspects JavaScript code found in email messages, HTML attachments, and linked web pages to identify potential malicious behavior or suspicious patterns. It uses specialized techniques to spot obfuscated scripts, malicious functions, and known attack strategies.
JavaScript analysis can help you detect:
- Obfuscated code designed to hide malicious intent
- DOM manipulation attempts that lead to phishing or data theft
- Event handlers that trigger actions when content is viewed
- Suspicious API calls like
document.write()oreval()that generate malicious content - Encoded strings that decode to payloads during runtime
For example, attackers often use obfuscated JavaScript to redirect you to phishing sites or to download malware. JavaScript analysis can uncover these threats even when the code is intentionally hidden.
Blog Post
Attack Types (2):
Tactics & Techniques (10):
Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities | |
|---|---|---|---|---|
Attachment: File execution via Javascript | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-file-execution-via-javascript-627ae0b1 | |
Attachment: HTML With Emoji-to-Character Map | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-with-emoji-to-character-map-3119d086 | |
Attachment: HTML Smuggling Microsoft Sign In | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-microsoft-sign-in-878d6385 | |
Low reputation link to auto-downloaded HTML file with smuggling indicators | 2d ago Jul 16th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/low-reputation-link-to-auto-downloaded-html-file-with-smuggling-indicators-339676c6 | |
Attachment: HTML Attachment with Login Portal Indicators | 2d ago Jul 16th, 2025 UTC | @ajpc500 | /feeds/core/detection-rules/attachment-html-attachment-with-login-portal-indicators-3aabf4a7 | |
Link: Multistage Landing - JotForm Abuse | 9d ago Jul 9th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/link-multistage-landing-jotform-abuse-5b64326f | |
Link: chatbot.page Platform Abuse | 24d ago Jun 24th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/link-chatbotpage-platform-abuse-bfd6a076 | |
Attachment: HTML smuggling with atob and high entropy via calendar invite | 1mo ago Jun 3rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-via-calendar-invite-94d84614 | |
Attachment: HTML smuggling with eval and atob via calendar invite | 1mo ago Jun 3rd, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-eval-and-atob-via-calendar-invite-597c2edd | |
Attachment: EML with Embedded Javascript in SVG File | 3mo ago Apr 17th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-eml-with-embedded-javascript-in-svg-file-dfafb78f | |
Attachment: HTML with obfuscation and recipient's email in JavaScript strings | 3mo ago Apr 10th, 2025 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b | |
Attachment: HTML smuggling with atob and high entropy | 10mo ago Aug 29th, 2024 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11 | |
Attachment: HTML smuggling with excessive string concatenation and suspicious patterns | 10mo ago Aug 27th, 2024 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-string-concatenation-and-suspicious-patterns-e34fce8d | |
Attachment: HTML with JavaScript Functions for HTTP requests | 1y ago Jul 3rd, 2024 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-with-javascript-functions-for-http-requests-01e679fd | |
Attachment: HTML file with reference to recipient and suspicious patterns | 1y ago May 3rd, 2024 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-file-with-reference-to-recipient-and-suspicious-patterns-5333493d | |
Attachment: EML file contains HTML attachment with login portal indicators | 2y ago Oct 19th, 2023 UTC | Sublime Security | /feeds/core/detection-rules/attachment-eml-file-contains-html-attachment-with-login-portal-indicators-6e4df158 | |
Attachment: HTML smuggling with unescape | 2y ago Sep 22nd, 2023 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-unescape-0b0fed36 | |
Attachment: HTML smuggling with excessive line break obfuscation | 2y ago Sep 8th, 2023 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-excessive-line-break-obfuscation-7e901440 | |
Attachment: HTML smuggling with base64 encoded JavaScript function | 2y ago Aug 27th, 2023 UTC | Sublime Security | /feeds/core/detection-rules/attachment-html-smuggling-with-base64-encoded-javascript-function-4e8a12ec | |
Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment | 2y ago Aug 24th, 2023 UTC | Sublime Security | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-html-smuggling-attachment-a47a5755 |
Page 1 of 2