Introduction

A basic and quick approach to analysing phishing documents and identifying indicators of maliciousness. FYI, this post doesn't cover complete and in-depth analysis of malicious documents.

Tools

Didier Stevens Suite
sudo pip install oletools
Yara - A pattern matching Swiss knife

Analysis

All document samples are pulled from Hybrid Analysis - a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Hash 1: e07c84f98332b07ae40a22f15c32cbf794586e26576a7539def667881e15beae

Download the above-mentioned sample and check its integrity.
Check the file properties using the native Linux file command, which gives a quick idea about the sample.
Download Didier Stevens Suite and check for yara rules. Run various rules against the sample document to identify any sort of maliciousness.
The below rule can identify an executable file embedded i...
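The three triage steps above (verify the download against the published hash, look at the file magic, then look for an embedded executable the way a yara rule would) can be scripted. The following is an added example written for this post, not code from the post or from the Didier Stevens Suite: it reuses the SHA-256 value given for Hash 1, implements the magic-byte check that the file command performs for a few common document containers, and scans for a DOS header whose e_lfanew points at a PE signature, which is the essence of an "embedded executable" rule. The sample document bytes are constructed inline so it runs offline; they are not the real sample.

```python
import hashlib
import struct

# SHA-256 stated in the post for Hash 1 (copied from the post; the constructed
# bytes below will NOT match it, which is exactly what the check should report).
EXPECTED_SHA256 = "e07c84f98332b07ae40a22f15c32cbf794586e26576a7539def667881e15beae"

# Magic bytes the `file` command uses to classify common phishing-document containers.
MAGIC = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (legacy Office)"),
    (b"PK\x03\x04", "ZIP container (OOXML / ODF)"),
    (b"%PDF-", "PDF document"),
    (b"{\\rtf", "RTF document"),
    (b"MZ", "PE executable (not a document at all)"),
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def integrity_matches(data: bytes, expected_hex: str) -> bool:
    """Step 1: confirm the downloaded bytes are the sample the hash refers to."""
    return sha256_hex(data) == expected_hex.lower()


def quick_file_type(data: bytes) -> str:
    """Step 2: a minimal stand-in for `file`, keyed on leading magic bytes."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown / data"


def find_embedded_pe(data: bytes) -> list:
    """Step 3: offsets where a plausible PE image starts anywhere in the blob.
    Check: 'MZ' magic, then the e_lfanew field at +0x3C must point at 'PE\\0\\0'.
    Requiring the PE signature avoids false hits on the two bytes 'MZ' in text."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[pe_off:pe_off + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def build_fake_pe_stub() -> bytes:
    """Constructed test data: a DOS header with e_lfanew = 0x80 and a PE signature there."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)          # 64-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x80)         # e_lfanew -> 0x80
    hdr += b"\0" * (0x80 - len(hdr))                # DOS stub padding
    hdr += b"PE\0\0" + b"\0" * 20                   # PE signature + start of COFF header
    return bytes(hdr)


# Constructed "document": an OLE2 header, some padding, then the fake PE stub at offset 508.
SAMPLE_DOC = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 500 + build_fake_pe_stub() + b"\0" * 100
)


def triage(data: bytes, expected_hex: str) -> dict:
    """Run the three checks and return the findings as a dict."""
    return {
        "sha256": sha256_hex(data),
        "hash_ok": integrity_matches(data, expected_hex),
        "file_type": quick_file_type(data),
        "embedded_pe_offsets": find_embedded_pe(data),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DOC, EXPECTED_SHA256).items():
        print(f"{key}: {value}")
```

On a real download, read the file bytes and pass them to triage(); a hash_ok of False means the file on disk is not the sample the post refers to and should not be analysed further under that label. The embedded-PE scan is a narrow check and is not a replacement for the yara rules shipped with the Didier Stevens Suite, which cover many more indicators.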