Detects any VBA macro attachment that scores above a medium confidence threshold in the Sublime Macro Classifier.

Recursively scans files and archives to detect documents that ask the user to enable macros, including if that text appears within an embedded image.

Attachment from an unsolicited sender contains a macro that will auto-execute when the file is opened.

Macros are a common phishing technique used to deploy malware.

Recursively scans files and archives to detect embedded VBA files with an auto open exec.

Potentially malicious attachment containing a VBA macro. Oletools categorizes the macro risk as 'high'.

Recursively scans files and archives to detect embedded VBA files with an encoded hex string referencing an exe.

This may be an attempt to heavily obfuscate an execution through Microsoft document.

Attachment contains a VBA macro from a sender your organization has never sent an email to.

Sender is using a display name that matches the display name of someone in your organization.

VBA macros are a common phishing technique used to deploy malware.