Showing posts from April, 2018

Malicious document analysis Part - 1

Introduction  A basic and quick approach to analyse phishing documents to identify indicators of maliciousness. FYI this post doesn't cover complete & in depth analysis of malicious documents Tools  Didier Stevens Suite   sudo pip install oletools  Yara - A pattern matching Swiss knife  Analysis  All document samples are pulled from  Hybrid Analysis  - a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.  Hash 1:  e07c84f98332b07ae40a22f15c32cbf794586e26576a7539def667881e15beae Download above mentioned sample and check the integrity Check the file properties using native Linux file command which gives quick idea about sample Download Didier Stevens Suite and check for yara rules. Run various rules against the sample document to identify any sort of maliciousness The below rule can identify an executable file embedded in OLE objects  Run above yara rule against the