Sublime Security

Sublime Core Feed
XML analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: XML analysis
XML analysis inspects XML files, which are often used for data exchange and configuration, to identify embedded malicious elements that could pose security risks. This method looks at the structure, content, and relationships within XML documents to spot potentially dangerous components.
XML analysis can detect:
Malicious scripts hidden inside XML structures
Suspicious URLs or external references embedded in XML attributes or elements
XML external entity (XXE) injection attempts
Data exfiltration methods disguised as legitimate XML
Obfuscated commands or code snippets hidden in XML fields
For example, attackers might use XML files, such as Microsoft Office's Open XML formats (.docx, .xlsx), to hide malicious macros or scripts. But with XML analysis, you can parse these structures and uncover the threats within.
Blog Post
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics · Blog · Sublime Security
Embedding malicious JS code within SVGs to deliver adversary in the middle credential phishing attacks.
Attack Types (2):
Malware/Ransomware
Credential Phishing
Tactics & Techniques (5):
QR code
Image as content
Evasion
Scripting
Social engineering
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Attachment: SVG files with evasion elements
2d ago
May 8th, 2026
Sublime Security
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
Attachment: Embedded Javascript in SVG file
3mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Scripting
Archive analysis
File analysis
Sender analysis
XML analysis
Malware/Ransomware
Scripting
Archive analysis
File analysis
Sender analysis
XML analysis
Attachment: DOCX with hyperlink targeting recipient address
4mo ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Social engineering
File analysis
Archive analysis
XML analysis
Credential Phishing
Malware/Ransomware
Evasion
Social engineering
File analysis
Archive analysis
XML analysis

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Attachment: SVG files with evasion elements	2d ago May 8th, 2026	Sublime Security	Malware/Ransomware Credential Phishing QR code Image as content Evasion File analysis XML analysis QR code analysis Sender analysis
Attachment: Embedded Javascript in SVG file	3mo ago Jan 12th, 2026	Sublime Security	Malware/Ransomware Scripting Archive analysis File analysis Sender analysis XML analysis
Attachment: DOCX with hyperlink targeting recipient address	4mo ago Dec 17th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Evasion Social engineering File analysis Archive analysis XML analysis