MalDoc: Static Analysis

In today's digital age, documents are among the most common ways to share information. They are used for various purposes, including reports, proposals, and contracts. Because of their prevalence, documents are also a common vector for cyber attacks. Malicious actors can use documents to deliver malware, steal sensitive information, or carry out phishing attacks.

Analyzing malicious documents is, therefore, an essential part of any cyber security strategy. Analysts can identify potential threats by analyzing the structure and content of a document and taking steps to mitigate them. This is particularly important today when more businesses rely on digital documents to share and store sensitive information.

Expected Outcome

The expected outcome of this room is to determine if a document is indeed malicious and then look for the following indicators:

• Presence of Malicious URLs
• References to File Names / API functions
  
• IP addresses
• Domains
• Malicious Script like Powershell, JavaScript, VBScript Macros, etc
  

In this room, we will understand the different variants of malicious documents, their structure, and how they are used in different phishing attacks. Then we will explore the tools and concepts required to analyze a malicious document.

Learning Objectives

In this room, the following learning objectives will be covered:

• Different document types like onenote, dotm, docx, xls, etc.
• Analyze complex JavaScript.
• Importance of Malicious Document Analysis.
• PDF structure and key components like objects, keywords, and filtering.