Detection Method: XML analysis

XML analysis inspects XML files, which are often used for data exchange and configuration, to identify embedded malicious elements that could pose security risks. This method looks at the structure, content, and relationships within XML documents to spot potentially dangerous components.

XML analysis can detect:
  • Malicious scripts hidden inside XML structures
  • Suspicious URLs or external references embedded in XML attributes or elements
  • XML external entity (XXE) injection attempts
  • Data exfiltration methods disguised as legitimate XML
  • Obfuscated commands or code snippets hidden in XML fields

For example, attackers might use XML files, such as Microsoft Office's Open XML formats (.docx, .xlsx), to hide malicious macros or scripts. XML analysis parses these structures to uncover the threats within.
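
The following sketch shows how three of the checks listed above (external entity declarations, script elements, and URLs in attributes) can be run over a document. It is an added example, not code from the original page or from any product; the rule names, the `scan_xml` function, and the sample documents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample documents (not taken from real files).
SAMPLE_XXE = '<!DOCTYPE r [<!ENTITY x SYSTEM "file:///constructed/placeholder">]><r>&x;</r>'
SAMPLE_RELS = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
               '<Relationship Id="rId1" Target="https://example.invalid/resource" TargetMode="External"/>'
               '</Relationships>')
SAMPLE_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><script>constructed();</script></svg>'
SAMPLE_CLEAN = '<config><item name="a">1</item></config>'

ENTITY_RE = re.compile(r"<!ENTITY\s+%?\s*[\w.-]+\s+(SYSTEM|PUBLIC)\b", re.I)
URL_RE = re.compile(r"^(?:https?|ftp|file)://", re.I)

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return tag.rsplit("}", 1)[-1].lower()

def scan_xml(text):
    """Return a sorted list of (rule, detail) findings for one XML document."""
    findings = set()
    # XXE indicator: an external entity declared in the DTD. Checked on the
    # raw text so the scanner never resolves or expands the entity itself.
    for m in ENTITY_RE.finditer(text):
        findings.add(("external-entity", m.group(1).upper()))
    if "<!DOCTYPE" in text.upper():
        findings.add(("doctype-present", ""))
        return sorted(findings)  # DTD-bearing input is flagged, not parsed
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return sorted(findings | {("parse-error", str(exc))})
    for el in root.iter():
        if local(el.tag) == "script":
            findings.add(("script-element", (el.text or "").strip()[:40]))
        # xmlns declarations are not in el.attrib, so namespace URIs
        # do not trigger the URL rule.
        for name, value in el.attrib.items():
            if URL_RE.match(value.strip()):
                findings.add(("external-url", f"{local(name)}={value.strip()}"))
    return sorted(findings)

if __name__ == "__main__":
    for doc in (SAMPLE_XXE, SAMPLE_RELS, SAMPLE_SVG, SAMPLE_CLEAN):
        print(scan_xml(doc))
```

For Office Open XML files, the same function would be applied to each XML part after opening the container as a ZIP archive.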