Introduction
Phishing malicious documents can contain external relationship with type oleobject. A defender objective is to kill the attack at the early stage by blocking malicious domains at perimeter, this post levarages Cyberchef to extract payload urls quickly from malicious office documents
CyberChef is an open source tool maintained by GCHQ. It provides a drag and drop interface via a web browser (Firefox & Chrome) to quickly perform a wide range of data manipulation functions called 'operations'. A sequence of operations is called a 'recipe'. As all the processing is client-side, CyberChef can be downloaded and used offline or in an air-gapped forensic network. CyberChef has operations useful for disk forensics, malware & network analysts, and even OSINT researchers.
Tools
Analysis
All document samples are pulled from Hybrid Analysis - a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
Phishing malicious documents can contain external relationship with type oleobject. A defender objective is to kill the attack at the early stage by blocking malicious domains at perimeter, this post levarages Cyberchef to extract payload urls quickly from malicious office documents
CyberChef is an open source tool maintained by GCHQ. It provides a drag and drop interface via a web browser (Firefox & Chrome) to quickly perform a wide range of data manipulation functions called 'operations'. A sequence of operations is called a 'recipe'. As all the processing is client-side, CyberChef can be downloaded and used offline or in an air-gapped forensic network. CyberChef has operations useful for disk forensics, malware & network analysts, and even OSINT researchers.
Tools
Analysis
All document samples are pulled from Hybrid Analysis - a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
0ddf7e87957932650679c99ff2e2380e2be8a203d1142f19a22ad602047f372e
7046db7a12910e4ceea386bd7ed83b4a2c478c85096b371bf9ea4850f9e2039a
98341b7c83f0f3b1e4ca16d6599c713218e08884126cc6777dec32a870c11ec3
Conclusion
Happy defending !
Comments
Post a Comment