What It Looks Like: Disassembling A Malicious Document
Tags
| attack-pattern: | Malicious File - T1204.002 Powershell - T1059.001 Python - T1059.006 Visual Basic - T1059.005 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | f1efd581-39f5-463a-a739-3f77f66944a9 |
| Fingerprint | 32d0c95308e00982 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Jan. 5, 2015, 8:37 a.m. |
| Added to db | Jan. 19, 2023, 12:07 a.m. |
| Last updated | Nov. 17, 2024, 12:55 p.m. |
| Headline | Windows Incident Response |
| Title | What It Looks Like: Disassembling A Malicious Document |
| Detected Hints/Tags/Attributes | 25/1/17 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 10 | phishme.com |
|
| Details | Domain | 1 | document-analyzer.net |
|
| Details | Domain | 27 | zipdump.py |
|
| Details | Domain | 53 | oledump.py |
|
| Details | File | 16 | app.xml |
|
| Details | File | 3 | vbadata.xml |
|
| Details | File | 29 | vbaproject.bin |
|
| Details | File | 2 | 'vbaproject.bin |
|
| Details | File | 58 | document.xml |
|
| Details | File | 1 | documents.xml |
|
| Details | File | 6 | image1.jpg |
|
| Details | File | 3 | image2.jpg |
|
| Details | File | 1 | 'msgss.exe |
|
| Details | File | 25 | zipdump.py |
|
| Details | File | 49 | oledump.py |
|
| Details | File | 1 | d:\tips\file.doc |
|
| Details | File | 2 | vba.txt |