Detection Method: OLE analysis

OLE (Object Linking and Embedding) analysis examines embedded objects in Microsoft Office documents to detect potentially harmful content and behavior. This method focuses on the OLE2 container format used in many Office files, which can hide threats like malicious macros, executable code, or dangerous external links.
OLE analysis can help you detect:
  • Malicious VBA macros that run automatically when documents are opened
  • Hidden executable code or scripts embedded within document objects
  • External relationships linking to malicious or suspicious resources
  • Encryption used to hide malicious content
  • Flash objects that might contain exploitable vulnerabilities
  • Attempts to exploit known vulnerabilities in Office applications
For example, attackers might embed macros that execute as soon as you open the document, or include external links that download additional malware when clicked. OLE analysis helps catch these hidden threats early.
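
As an added illustration (not Sublime's rule logic or code from this page), the sketch below shows the kind of check behind the external-relationship rules listed below: it reads the `.rels` parts of an OOXML package and flags `TargetMode="External"` targets that use the file scheme and point to an IP address or an executable file type. The function names, the extension list and the sample package are assumptions constructed for the example.

```python
import contextlib, io, ipaddress, zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
# Assumed extension list for this example; tune it to your environment.
EXEC_EXT = (".exe", ".dll", ".scr", ".hta", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".msi")

def classify(target):
    """Label a relationship target that uses the file scheme."""
    url = urlparse(target.strip())
    if url.scheme.lower() != "file":
        return []
    labels = []
    # file://host/path puts the host in netloc; file:///\\host\path hides it in the path
    host = url.hostname or url.path.replace("\\", "/").lstrip("/").split("/")[0]
    with contextlib.suppress(ValueError):
        ipaddress.ip_address(host)  # raises ValueError for names and drive letters
        labels.append("file scheme link to IP address")
    if url.path.lower().endswith(EXEC_EXT):
        labels.append("file scheme link to executable filetype")
    return labels

def scan_external_relationships(data):
    """Return (part, target, label) for flagged external relationships in an OOXML file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in (n for n in pkg.namelist() if n.endswith(".rels")):
            # stdlib parser keeps this runnable offline; use a hardened XML parser on real mail
            for rel in ET.fromstring(pkg.read(part)).iter(REL):
                target = rel.get("Target", "")
                if rel.get("TargetMode", "").lower() == "external":
                    hits += [(part, target, label) for label in classify(target)]
    return hits

def build_sample():
    """Constructed .docx-like package with four relationships (not a real sample)."""
    targets = [("file://192.0.2.10/share/report.docx", "External"),
               ("file:///C:/Users/Public/update.exe", "External"),
               ("https://example.com/help", "External"),
               ("file://192.0.2.10/tools/setup.exe", "Internal")]
    rows = "".join(f'<Relationship Id="rId{i}" Type="urn:example:rel" Target="{t}" TargetMode="{m}"/>' for i, (t, m) in enumerate(targets, 1))
    xml = f'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">{rows}</Relationships>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", xml)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_external_relationships(build_sample()))
```

Only relationships marked external are reported, so the fourth constructed entry is ignored even though its target matches both patterns.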

| Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities |
|---|---|---|---|
| [Attachment: Office file contains OLE relationship to credential phishing page](/feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0) | 3mo ago (Jul 16th, 2025) | Sublime Security | |
| [Attachment with auto-executing macro (unsolicited)](/feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3) | 3mo ago (Jul 16th, 2025) | Sublime Security | |
| [Attachment: OLE external relationship containing file scheme link to executable filetype](/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-executable-filetype-33bf6fd4) | 3mo ago (Jul 16th, 2025) | Sublime Security | |
| [Attachment with high risk VBA macro (unsolicited)](/feeds/core/detection-rules/attachment-with-high-risk-vba-macro-unsolicited-a2b20e16) | 3mo ago (Jul 16th, 2025) | Sublime Security | |
| [Attachment: OLE external relationship containing file scheme link to IP address](/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-ip-address-3aab998c) | 3mo ago (Jul 16th, 2025) | Sublime Security | |
| [Attachment: Encrypted Microsoft Office file (unsolicited)](/feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953) | 3mo ago (Jul 16th, 2025) | Sublime Security | |
| [Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability](/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f) | 2y ago (Dec 19th, 2023) | Sublime Security | |