The Reveal Platform
Intel Name: Html file opened from download folder
Date of Scan: December 17, 2025
Impact: Low
Summary: Detects instances where a web browser process opens an HTML file from a user’s Downloads folder. This behavior may be indicative of phishing activity, in which threat actors distribute HTML attachments to users. Opening such attachments can result in the execution of malicious scripts or the delivery of malware. During investigation, analysts should review the HTML file for embedded scripts or malicious links, examine any subsequent downloads or process activity, and identify the source of the email or message that delivered the attachment.
