Detection Method: OLE analysis

OLE (Object Linking and Embedding) analysis examines embedded objects in Microsoft Office documents to detect potentially harmful content and behavior. This method focuses on the OLE2 container format used in many Office files, which can hide threats like malicious macros, executable code, or dangerous external links.

OLE analysis can help you detect:
  • Malicious VBA macros that run automatically when documents are opened
  • Hidden executable code or scripts embedded within document objects
  • External relationships linking to malicious or suspicious resources
  • Encryption used to hide malicious content
  • Flash objects that might contain exploitable vulnerabilities
  • Attempts to exploit known vulnerabilities in Office applications

For example, attackers might embed macros that execute as soon as you open the document, or include external links that download additional malware when clicked. OLE analysis helps catch these hidden threats early.

| Rule Name & Severity | Last Updated | Author | Types, Tactics & Capabilities |
| --- | --- | --- | --- |
| Attachment: OLE external relationship containing file scheme link to executable filetype (/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-executable-filetype-33bf6fd4) | Apr 17th, 2025 UTC (2mo ago) | Sublime Security | Malware/Ransomware, Evasion, Archive analysis, Content analysis, OLE analysis, Sender analysis |
| Attachment: Office file contains OLE relationship to credential phishing page (/feeds/core/detection-rules/attachment-office-file-contains-ole-relationship-to-credential-phishing-page-d55793d0) | Dec 18th, 2024 UTC (6mo ago) | Sublime Security | Credential Phishing, Evasion, Social engineering, File analysis, HTML analysis, Natural Language Understanding, OLE analysis, URL analysis |
| Attachment: OLE external relationship containing file scheme link to IP address (/feeds/core/detection-rules/attachment-ole-external-relationship-containing-file-scheme-link-to-ip-address-3aab998c) | Apr 12th, 2024 UTC (1y ago) | Sublime Security | Malware/Ransomware, Evasion, Archive analysis, Content analysis, OLE analysis, Sender analysis |
| Attachment: Encrypted Microsoft Office file (unsolicited) (/feeds/core/detection-rules/attachment-encrypted-microsoft-office-file-unsolicited-1e47e953) | Dec 19th, 2023 UTC (2y ago) | Sublime Security | Malware/Ransomware, Encryption, Macros, Scripting, Archive analysis, File analysis, OLE analysis, Sender analysis |
| Attachment with auto-executing macro (unsolicited) (/feeds/core/detection-rules/attachment-with-auto-executing-macro-unsolicited-af6624c3) | Dec 19th, 2023 UTC (2y ago) | Sublime Security | Malware/Ransomware, Macros, Archive analysis, Header analysis, File analysis, Macro analysis, OLE analysis, Sender analysis |
| Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability (/feeds/core/detection-rules/attachment-cve-2021-40444-mshtml-remote-code-execution-vulnerability-8cefcf7f) | Dec 19th, 2023 UTC (2y ago) | Sublime Security | Malware/Ransomware, Exploit, Macros, Scripting, Archive analysis, Content analysis, File analysis, Macro analysis, OLE analysis |
| Attachment with high risk VBA macro (unsolicited) (/feeds/core/detection-rules/attachment-with-high-risk-vba-macro-unsolicited-a2b20e16) | Dec 19th, 2023 UTC (2y ago) | Sublime Security | Malware/Ransomware, Macros, File analysis, Macro analysis, OLE analysis, Sender analysis |