🛡ī¸
./Malfav.asm
Linkedin
  • 👋./Malfav.asm
    • 🕸ī¸Malfav Agenda
  • 🕷ī¸Malware Introduction
    • 💡What is Malware
      • 🌠FIN Malware
      • đŸĻ˜Cyber Gang Malware
        • 🕷ī¸Spiders Malware
      • đŸ•ĩī¸â€â™€ī¸Cyber Espionage Malware
      • 🍘Cyber Sabotage Malware
      • 🛴Rootkit
        • đŸĢšBootkit
    • đŸĻĢNations State APT
      • đŸ—¯ī¸APT
      • 🇮🇷Iran APT
      • 🇷đŸ‡ēRussian APT
      • 🇨đŸ‡ŗChines APT
      • 🇮đŸ‡ŗIndia APT
      • đŸ‡ĩ🇰Pakistan APT
      • đŸ‡ģđŸ‡ŗVietnamese APT
      • 🇰đŸ‡ĩNorth Korean APT
    • đŸĨ‹Mobile Malware
      • 📲Android Malware
        • 💰Commerical Android Malware
          • Common Android Spyware
        • 🧧Common Android Exploits
          • 0ī¸Common Android 0day
      • 📱IPHONE Malware
        • 🐚Common IPHONE Spyware
        • đŸ’ĨCommerical IPHONE Malware
        • đŸ’ŖCommon IPHONE Exploits
    • 📃Malicious Documents
      • 📨Excel Spreadsheets
      • đŸ—ŧPowerPoint Presentations
      • đŸ¤ēMicrosoft Office Documents
      • 📑PDF
      • 📄Other Document Formats
      • đŸŠŧCommon Techniques Used in Malicious Documents
    • 🏞ī¸Advanced Persistence Threat - APT
      • đŸĨ APT Groups
        • 🇨đŸ‡ŗMustang Panda
        • 🛕Mustard Tempest
        • 🇨đŸ‡ŗNaikon
        • đŸĒĄNEODYMIUM
        • 🇷đŸ‡ēNomadic Octopus
        • 🇮🇷OilRig
        • 🍊Orangeworm
        • 🇮đŸ‡ŗPatchwork
        • 🇨đŸ‡ŗPittyTiger
        • 🌏PLATINUM
        • 🇱🇧POLONIUM
        • đŸ‡ĩ🇹Poseidon Group
        • 🇹🇲PROMETHIUM
        • 🇨đŸ‡ŗPutter Panda
        • đŸĻRancor
        • 🇨đŸ‡ŗRocke
        • đŸĸRTM
        • 🇷đŸ‡ēSandworm Team
        • 🃏Scarlet Mimic
        • đŸ‡Ŧ🇱Scattered Spider
        • đŸ‡ĩ🇰SideCopy
        • 🇮đŸ‡ŗSidewinder
        • 🔕Silence
        • 🇮🇷Silent Librarian
        • đŸ‡ŗđŸ‡ŦSilverTerrier
        • 🐞Sowbug
        • 🔱Strider
        • 🇨đŸ‡ŗSuckfly
        • đŸĨƒTA2541
        • 🇨đŸ‡ŗTA459
        • đŸ’ŧTA505
        • 💰TA551
        • ☁ī¸TeamTNT
        • 🇷đŸ‡ēTEMP.Veles
        • đŸĻŗThe White Company
        • đŸ’ŗThreat Group-1314
        • đŸĢ“Threat Group-3390
        • 🇨đŸ‡ŗThreat Group-3390
        • đŸĻThrip
        • 🐈ToddyCat
        • 🐙Tonto Team
        • đŸ‡ĩ🇰Transparent Tribe
        • 🐠Tropic Trooper
        • đŸĸTurla
        • 🇮🇷UNC788
        • 🇱🇧Volatile Cedar
        • 🇨đŸ‡ŗVolt Typhoon
        • 🕊ī¸Whitefly
        • 🔘Windigo
        • đŸĒŊWindshift
        • 🇨đŸ‡ŗWinnti Group
        • đŸĨ€WIRTE
        • 🇷đŸ‡ēWizard Spider
        • đŸŽĒZIRCONIUM
      • 🏹APT's Software
        • 🐀3PARA RAT
        • 🐀4H RAT
        • ⚱ī¸AADInternals
        • đŸ”ģABK
        • ⚗ī¸AbstractEmu
        • đŸĒąACAD/Medre.A
        • 🇲🇰AcidRain
        • đŸŦAction RAT
  • 🐁OS Internal's
    • 🍩Suspicious API's
      • đŸĒ¨Process Information API's
      • 🧩Registry API's
      • 🔒Encryption API's
      • đŸ“¯Restore Point API's
      • 👾Exfiltration API's
      • đŸĻ‰Data Wiping API's
      • 📨Shadow Copy API's
      • đŸĒŧWhat is Malicious API's Functions
      • đŸŒĒī¸System Information API's
      • 🌀Network Information API's
  • đŸĒŸWindows Internal
    • 📡Windows Internal
      • đŸĻWhy Windows Internal ?
        • đŸĩī¸Process
        • đŸ§ĩThread
        • đŸĒ­Handle
        • 🌐Memory
        • â˜ĸī¸Ram
        • 🤖ROM
  • 👁ī¸â€đŸ—¨ī¸Malware Technique
    • 📓Malware Technique
    • đŸ’ĸObfuscation
      • đŸĻžAnti-Debugging Techniques
      • 🏗ī¸Instruction Substitution
      • 📔Code Obfuscation
      • đŸ“ĻCode Packing
      • 💈Polymorphism
      • đŸŒŦī¸Control Flow Obfuscation
      • đŸĒ…Data Obfuscation
      • 💅Metadata Obfuscation
      • đŸŽŖMetamorphism
      • ⛲Runtime Obfuscation
    • 🛌Persistence Mechanism
      • 🔰Registry Persistence Mechanism
      • 🗑ī¸Task Sch Persistence Mechanism
      • 📂Startup Folder
      • 🎋AppData Folder
      • đŸĒšTemp Folder
  • ⚔ī¸Malware Resources
    • đŸ‘ģMalware Resources
    • 🎇Malware Sample Resources
      • 🌡ī¸VirusShare
      • ♠ī¸MalShare
      • đŸšĨMalwareTraffic
      • 🚏Malware Bazaar
  • Malware Analysis Toolkit
    • 🧌Windows Malware Analysis Toolkit
      • 💉Common Online Malware Analysis Toolkit
        • 💎Joe Sandbox
        • đŸŽĒVT - VirusTotal
        • đŸ‘ŊThreat.Zone
        • đŸĻHybrid Analysis
        • đŸĻ„Any.run
        • đŸĨĢFilescan
      • đŸĨStatic Analysis Tools
        • 🍡Advance Static Analysis Tool
      • 💠Dynamic Analysis Tool
        • Advance Dynamic Analysis Tool
      • đŸĨœNetwork Analysis Tool
      • đŸĨŸString Dumpers Toolkit
        • 📏Strings
        • đŸĻžFloss
    • 📱Android Malware Analysis Toolkit
      • 🕹ī¸Static Analysis Toolkit
      • 💠Dynamic Analysis Toolkit
      • đŸĢ’Online Analysis Toolkit
    • 📱IPHONE Malware Analysis Toolkit
      • đŸĨĸStatic Analysis Toolkit
      • â™Ļī¸Dynamic Analysis Toolkit
    • đŸ’ģMAC OSX Malware Analysis Toolkit
      • đŸ“¯Static Analysis Toolkit
      • 🍭Dynamic Analysis Toolkit
      • đŸŒŦī¸Online Analysis Toolkit
  • Books and Guidelines
    • 🔋Books and Guidelines for Malware Analysis .
      • 🏋ī¸â€â™€ī¸Android Malware Analysis 101
      • đŸĨ–Common Anti-Forensics
      • đŸĻŖMemory Forensics GUI
      • đŸ“ŧAssembly for Malware Analyst
      • 💾Disk Image Forensics
      • ⚡Volatility Noob to Pro
  • 📋Malware Analysis Tips
    • 🖇ī¸Malware Analysis Tips
      • 🏮Memory Malware Analysis
      • 🐜Technique to Investigate Process
      • đŸ’ĨProcess Lists 1
      • đŸ’ĨProcess Lists 2
      • đŸ’ĨProcess Lists 3
  • đŸ§ŊIncident Response
    • đŸŗWhat is Incident Response
      • Incident Response Tools
      • Incident Response Toolkit
  • Technical Analysis Report
    • đŸĻŽTechnical Analysis Report
      • 🧲Stuxnet Memory Analysis
  • 🚨Rootkit Removal
    • 🤖Rootkit Removal
  • 🗜ī¸Antivirus Artifact
    • ã€Ŋī¸Antivirus Artifact
      • 🀄Antivirus Process Name
  • 🧠Malware Author Mindset
    • đŸ’ŊMalware Author Mindset
      • đŸĢHow Malware Author Terminate Antivirus Process during runtime ?
Powered by GitBook
On this page
  1. Malware Introduction
  2. Malicious Documents

Common Techniques Used in Malicious Documents

  1. Macros:

    • Macros are scripts written in VBA (Visual Basic for Applications) that can automate tasks in Office applications. Malicious documents may use macros to execute malicious code when the document is opened or when certain actions are performed.

  2. Embedded Objects:

    • Documents may include embedded objects, such as executables or scripts, that execute malicious code. For example, a Word document might contain an embedded Flash object that exploits vulnerabilities.

  3. Exploiting Vulnerabilities:

    • Malicious documents can exploit vulnerabilities in the software used to open them. For example, a PDF might exploit a flaw in Adobe Reader to execute arbitrary code.

  4. Social Engineering:

    • Malicious documents often use social engineering techniques to deceive users into opening them. This might include disguising the document as an important report, invoice, or other legitimate file.

  5. Phishing:

    • Documents may be used as part of phishing campaigns to steal sensitive information, such as login credentials or financial details.

Detection and Mitigation

  1. Antivirus and Antimalware Software:

    • Use up-to-date antivirus and antimalware solutions that can scan for known malicious documents and detect suspicious behavior.

  2. Sandboxing:

    • Open documents in a sandboxed environment to safely analyze their behavior without risking your main system.

  3. Disabling Macros:

    • Configure document viewers and office applications to disable macros by default, and only enable them from trusted sources.

  4. Patching and Updates:

    • Keep software up to date with the latest security patches to protect against known vulnerabilities that might be exploited by malicious documents.

  5. User Education:

    • Educate users about the risks of opening unsolicited documents or attachments and encourage them to verify the legitimacy of documents before opening.

  6. Email Filtering:

    • Implement email filtering solutions to detect and block malicious documents in email attachments.

Malicious documents are a significant threat vector, and understanding their tactics and techniques is essential for maintaining robust cybersecurity defenses.

PreviousOther Document FormatsNextAdvanced Persistence Threat - APT

Last updated 10 months ago

🕷ī¸
📃
đŸŠŧ
Page cover image