Sublime Security

Sublime Core Feed
Macros
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Macros
Attackers use malicious macros hidden inside Microsoft Office files to run code on your device when you open the document. These files often appear as routine business attachments, and when opened, they prompt you to "Enable Content." Clicking that button runs the macro, which can silently install malware, steal data, or give the attacker remote access.
Filenames often follow familiar patterns like “Invoice_March2025.xlsm” or “Contract_Review.docm,” and the message usually includes urgent or convincing language that encourages you to trust the file and enable macros.
Even with stronger security settings from Microsoft, this technique still works because it relies on familiarity. Office files are common in day-to-day work, and macros are a built-in feature. But enabling them in a file you weren’t expecting can result in ransomware, stolen credentials, or long-term access to your environment.
Attack Types (3):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Detection Methods (13):
File analysis
Macro analysis
Content analysis
Exif analysis
Archive analysis
OLE analysis
Sender analysis
Computer Vision
Natural Language Understanding
QR code analysis
Optical Character Recognition
Header analysis
YARA
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: Excel file with document sharing lure created by Go Excelize
1mo ago
Jan 29th, 2026
Sublime Security
Credential Phishing
Macros
Social engineering
File analysis
Macro analysis
Content analysis
Exif analysis
Credential Phishing
Macros
Social engineering
File analysis
Macro analysis
Content analysis
Exif analysis
Attachment: Encrypted Microsoft Office file (unsolicited)
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Attachment: Macro files containing MHT content
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
Evasion
Macros
Scripting
Archive analysis
File analysis
Macro analysis
Malware/Ransomware
Credential Phishing
Evasion
Macros
Scripting
Archive analysis
File analysis
Macro analysis
Attachment: Potential sandbox evasion in Office file
2mo ago
Jan 12th, 2026
Malware/Ransomware
Evasion
Macros
File analysis
Macro analysis
Malware/Ransomware
Evasion
Macros
File analysis
Macro analysis
Attachment: QR code link with base64-encoded recipient address
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
QR code
Image as content
Social engineering
Evasion
PDF
Macros
Computer Vision
File analysis
Natural Language Understanding
QR code analysis
Sender analysis
Credential Phishing
QR code
Image as content
Social engineering
Evasion
PDF
Macros
Computer Vision
File analysis
Natural Language Understanding
QR code analysis
Sender analysis
Attachment: Macro with suspected use of COM ShellBrowserWindow object for process creation
2mo ago
Jan 12th, 2026
Malware/Ransomware
Macros
Scripting
Content analysis
File analysis
Macro analysis
Malware/Ransomware
Macros
Scripting
Content analysis
File analysis
Macro analysis
Attachment soliciting user to enable macros
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Macros
Archive analysis
File analysis
Macro analysis
Optical Character Recognition
Sender analysis
Malware/Ransomware
Macros
Archive analysis
File analysis
Macro analysis
Optical Character Recognition
Sender analysis
Suspicious VBA macros from untrusted sender
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Macros
File analysis
Macro analysis
Sender analysis
Malware/Ransomware
Macros
File analysis
Macro analysis
Sender analysis
Attachment with auto-executing macro (unsolicited)
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
Attachment with auto-opening VBA macro (unsolicited)
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Macros
Archive analysis
File analysis
Macro analysis
Sender analysis
Malware/Ransomware
Macros
Archive analysis
File analysis
Macro analysis
Sender analysis
Attachment with macro calling executable
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Evasion
Macros
Archive analysis
File analysis
Malware/Ransomware
Evasion
Macros
Archive analysis
File analysis
Attachment with VBA macros from employee impersonation (unsolicited)
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Impersonation: Employee
Macros
Social engineering
Archive analysis
File analysis
Macro analysis
Sender analysis
Malware/Ransomware
Impersonation: Employee
Macros
Social engineering
Archive analysis
File analysis
Macro analysis
Sender analysis
Attachment with high risk VBA macro (unsolicited)
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Macros
File analysis
Macro analysis
OLE analysis
Sender analysis
Malware/Ransomware
Macros
File analysis
Macro analysis
OLE analysis
Sender analysis
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
Attachment: Excel file with suspicious template identifier
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Evasion
Macros
Exif analysis
File analysis
Credential Phishing
Evasion
Macros
Exif analysis
File analysis
Attachment: XLSX file with suspicious print titles metadata
6mo ago
Sep 16th, 2025
Sublime Security
Credential Phishing
Evasion
Macros
File analysis
Exif analysis
Credential Phishing
Evasion
Macros
File analysis
Exif analysis
Attachment: USDA bid invitation impersonation
7mo ago
Aug 5th, 2025
Sublime Security
BEC/Fraud
Impersonation: Brand
PDF
Macros
Social engineering
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
BEC/Fraud
Impersonation: Brand
PDF
Macros
Social engineering
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability
1y ago
Mar 21st, 2025
Sublime Security
Credential Phishing
Scripting
Macros
Exploit
Archive analysis
Content analysis
File analysis
Credential Phishing
Scripting
Macros
Exploit
Archive analysis
Content analysis
File analysis
Attachment: Archive contains DLL-loading macro
3y ago
Dec 28th, 2023
Sublime Security
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA
Malware/Ransomware
Exploit
LNK
Macros
Scripting
Archive analysis
File analysis
Macro analysis
YARA

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: Excel file with document sharing lure created by Go Excelize	1mo ago Jan 29th, 2026	Sublime Security	Credential Phishing Macros Social engineering File analysis Macro analysis Content analysis Exif analysis
Attachment: Encrypted Microsoft Office file (unsolicited)	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Encryption Macros Scripting Archive analysis File analysis OLE analysis Sender analysis
Attachment: Macro files containing MHT content	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Credential Phishing Evasion Macros Scripting Archive analysis File analysis Macro analysis
Attachment: Potential sandbox evasion in Office file	2mo ago Jan 12th, 2026	@ajpc500	Malware/Ransomware Evasion Macros File analysis Macro analysis
Attachment: QR code link with base64-encoded recipient address	2mo ago Jan 12th, 2026	Sublime Security	Credential Phishing QR code Image as content Social engineering Evasion PDF Macros Computer Vision File analysis Natural Language Understanding QR code analysis Sender analysis
Attachment: Macro with suspected use of COM ShellBrowserWindow object for process creation	2mo ago Jan 12th, 2026	@ajpc500	Malware/Ransomware Macros Scripting Content analysis File analysis Macro analysis
Attachment soliciting user to enable macros	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Macros Archive analysis File analysis Macro analysis Optical Character Recognition Sender analysis
Suspicious VBA macros from untrusted sender	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Macros File analysis Macro analysis Sender analysis
Attachment with auto-executing macro (unsolicited)	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Macros Archive analysis Header analysis File analysis Macro analysis OLE analysis Sender analysis
Attachment with auto-opening VBA macro (unsolicited)	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Macros Archive analysis File analysis Macro analysis Sender analysis
Attachment with macro calling executable	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Evasion Macros Archive analysis File analysis
Attachment with VBA macros from employee impersonation (unsolicited)	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Impersonation: Employee Macros Social engineering Archive analysis File analysis Macro analysis Sender analysis
Attachment with high risk VBA macro (unsolicited)	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Macros File analysis Macro analysis OLE analysis Sender analysis
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability	2mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Exploit Macros Scripting Archive analysis Content analysis File analysis Macro analysis OLE analysis
Attachment: Excel file with suspicious template identifier	2mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Evasion Macros Exif analysis File analysis
Attachment: XLSX file with suspicious print titles metadata	6mo ago Sep 16th, 2025	Sublime Security	Credential Phishing Evasion Macros File analysis Exif analysis
Attachment: USDA bid invitation impersonation	7mo ago Aug 5th, 2025	Sublime Security	BEC/Fraud Impersonation: Brand PDF Macros Social engineering Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis
Attachment: CVE-2025-24071 - Microsoft Windows File Explorer Spoofing Vulnerability	1y ago Mar 21st, 2025	Sublime Security	Credential Phishing Scripting Macros Exploit Archive analysis Content analysis File analysis
Attachment: Archive contains DLL-loading macro	3y ago Dec 28th, 2023	Sublime Security	Malware/Ransomware Exploit LNK Macros Scripting Archive analysis File analysis Macro analysis YARA