Skip to main content


Showing posts from January, 2019

Maldoc external relatonship with type oleobject

Introduction  Phishing malicious documents can contain external relationship with type oleobject. A defender objective is to kill the attack at the early stage by blocking malicious domains at perimeter, this post levarages  Cyberchef   to extract payload urls quickly from malicious office documents CyberChef is an open source tool maintained by GCHQ . It provides a drag and drop interface via a web browser (Firefox & Chrome) to quickly perform a wide range of data manipulation functions called 'operations'. A sequence of operations is called a 'recipe'. As all the processing is client-side, CyberChef can be downloaded and used offline or in an air-gapped forensic network. CyberChef has operations useful for disk forensics, malware & network analysts, and even OSINT researchers. Tools  Cyberchef    Analysis  All document samples are pulled from Hybrid Analysis - a free malware analysis service for the community that detects and analyzes unknown t