Sublime Security

Sublime Core Feed
OLE analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: OLE analysis
OLE (Object Linking and Embedding) analysis examines embedded objects in Microsoft Office documents to detect potentially harmful content and behavior. This method focuses on the OLE2 container format used in many Office files, which can hide threats like malicious macros, executable code, or dangerous external links.
OLE analysis can help you detect:
Malicious VBA macros that run automatically when documents are opened
Hidden executable code or scripts embedded within document objects
External relationships linking to malicious or suspicious resources
Encryption used to hide malicious content
Flash objects that might contain exploitable vulnerabilities
Attempts to exploit known vulnerabilities in Office applications
For example, attackers might embed macros that execute as soon as you open the document, or include external links that download additional malware when clicked. OLE analysis helps catch these hidden threats early.
Attack Types (2):
Malware/Ransomware
Credential Phishing
Tactics & Techniques (6):
Macros
Evasion
Social engineering
Encryption
Scripting
Exploit
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment with auto-executing macro (unsolicited)
18d ago
Jun 5th, 2026
Sublime Security
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
Malware/Ransomware
Macros
Archive analysis
Header analysis
File analysis
Macro analysis
OLE analysis
Sender analysis
Attachment: OLE external relationship containing file scheme link to IP address
5mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Evasion
Archive analysis
Content analysis
OLE analysis
Sender analysis
Malware/Ransomware
Evasion
Archive analysis
Content analysis
OLE analysis
Sender analysis
Attachment: Office file contains OLE relationship to credential phishing page
5mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
File analysis
HTML analysis
Natural Language Understanding
OLE analysis
URL analysis
Credential Phishing
Evasion
Social engineering
File analysis
HTML analysis
Natural Language Understanding
OLE analysis
URL analysis
Attachment: Encrypted Microsoft Office file (unsolicited)
5mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Malware/Ransomware
Encryption
Macros
Scripting
Archive analysis
File analysis
OLE analysis
Sender analysis
Attachment with high risk VBA macro (unsolicited)
5mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Macros
File analysis
Macro analysis
OLE analysis
Sender analysis
Malware/Ransomware
Macros
File analysis
Macro analysis
OLE analysis
Sender analysis
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability
5mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
Malware/Ransomware
Exploit
Macros
Scripting
Archive analysis
Content analysis
File analysis
Macro analysis
OLE analysis
Attachment: OLE external relationship containing file scheme link to executable filetype
7mo ago
Nov 24th, 2025
Sublime Security
Malware/Ransomware
Evasion
Archive analysis
Content analysis
OLE analysis
Sender analysis
Malware/Ransomware
Evasion
Archive analysis
Content analysis
OLE analysis
Sender analysis

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment with auto-executing macro (unsolicited)	18d ago Jun 5th, 2026	Sublime Security	Malware/Ransomware Macros Archive analysis Header analysis File analysis Macro analysis OLE analysis Sender analysis
Attachment: OLE external relationship containing file scheme link to IP address	5mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Evasion Archive analysis Content analysis OLE analysis Sender analysis
Attachment: Office file contains OLE relationship to credential phishing page	5mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Evasion Social engineering File analysis HTML analysis Natural Language Understanding OLE analysis URL analysis
Attachment: Encrypted Microsoft Office file (unsolicited)	5mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Encryption Macros Scripting Archive analysis File analysis OLE analysis Sender analysis
Attachment with high risk VBA macro (unsolicited)	5mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Macros File analysis Macro analysis OLE analysis Sender analysis
Attachment: CVE-2021-40444 - MSHTML Remote Code Execution Vulnerability	5mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Exploit Macros Scripting Archive analysis Content analysis File analysis Macro analysis OLE analysis
Attachment: OLE external relationship containing file scheme link to executable filetype	7mo ago Nov 24th, 2025	Sublime Security	Malware/Ransomware Evasion Archive analysis Content analysis OLE analysis Sender analysis