Detection Method: XML analysis

XML analysis inspects XML files, which are often used for data exchange and configuration, to identify embedded malicious elements that could pose security risks. This method looks at the structure, content, and relationships within XML documents to spot potentially dangerous components.
XML analysis can detect:
  • Malicious scripts hidden inside XML structures
  • Suspicious URLs or external references embedded in XML attributes or elements
  • XML external entity (XXE) injection attempts
  • Data exfiltration methods disguised as legitimate XML
  • Obfuscated commands or code snippets hidden in XML fields
For example, attackers might use XML files, such as Microsoft Office's Open XML formats (.docx, .xlsx), to hide malicious macros or scripts. But with XML analysis, you can parse these structures and uncover the threats within.
Blog Post
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Embedding malicious JS code within SVGs to deliver adversary in the middle credential phishing attacks.
Attack Types (2):
Malware/Ransomware
Credential Phishing
Tactics & Techniques (5):
Scripting
Evasion
Social engineering
QR code
Image as content
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Attachment: Embedded Javascript in SVG file
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Scripting
Archive analysis
File analysis
Sender analysis
XML analysis
Attachment: DOCX with hyperlink targeting recipient address
3mo ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Social engineering
File analysis
Archive analysis
XML analysis
Attachment: SVG files with evasion elements
7mo ago
Aug 8th, 2025
Sublime Security
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis