Over the past year or so, there seems to have been an uptick of miscreants password protecting the malicious Office documents that they send to their target victims. They do this in an effort to bypass detection and thwart analysis. This blog details a few different tools and methodologies that can be used to analyze such files.

These malicious documents typically end up making their way to the endpoint via email. The email message typically consists of some ruse to entice the user to open the document and, conveniently, includes the password needed to decrypt it (Figure 1).

Figure 1: Example email with password protected MS Office document attached and password in message body.

The ‘m’ at the end of the ‘.dotm’ file extension, shown in Figure 1, tells you that the attached file is macro-enabled. In this instance, it is an MS Office Document Template file, but it could have just as easily been a ‘.docm’ file, an ‘.xlsm’ file, or any other macro-enabled file type supported by MS Office 2007 or newer.
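As an added triage example (not code from the original post), the check below combines the two signals just described: the trailing ‘m’ in the extension that marks a macro-enabled file, and whether the attachment is a password-protected document. A plain macro-enabled OOXML file is a zip package containing a vbaProject.bin part; when Office password protects it, the package is wrapped in an OLE Compound File (CFB) container, so the leading magic bytes tell the two apart before any password is tried. The file names and bytes are constructed samples.

```python
import io
import zipfile

# Macro-enabled OOXML extensions for Word, Excel and PowerPoint (Office 2007+).
MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam",
                      ".pptm", ".potm", ".ppam", ".ppsm"}
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE Compound File header
ZIP_MAGIC = b"PK\x03\x04"                         # plain OOXML zip package


def is_macro_enabled_name(filename: str) -> bool:
    """True when the extension's trailing 'm' marks the file as macro-enabled."""
    dot = filename.rfind(".")
    return dot != -1 and filename[dot:].lower() in MACRO_ENABLED_EXTS


def triage_attachment(filename: str, data: bytes) -> dict:
    """Summarise what an analyst needs to know before opening the attachment."""
    result = {"macro_enabled_ext": is_macro_enabled_name(filename),
              "container": "unknown", "likely_encrypted": False, "has_vba": False}
    if data.startswith(CFB_MAGIC):
        result["container"] = "cfb"
        # A plain .docm/.dotm/.xlsm is a zip, so a CFB container under a
        # macro-enabled extension is most likely a password-protected OOXML
        # document (the other possibility is a renamed legacy binary file).
        result["likely_encrypted"] = result["macro_enabled_ext"]
    elif data.startswith(ZIP_MAGIC):
        result["container"] = "zip"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Office stores VBA in <part>/vbaProject.bin inside the package.
            result["has_vba"] = any(n.endswith("vbaProject.bin") for n in zf.namelist())
    return result


def sample_docm_with_vba() -> bytes:
    """Constructed minimal zip that mimics a .docm carrying a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: a CFB header padded to one sector, and the zip above.
    print(triage_attachment("invoice.dotm", CFB_MAGIC + b"\x00" * 504))
    print(triage_attachment("invoice.docm", sample_docm_with_vba()))
```

To confirm the encrypted case rather than infer it from the magic bytes, open the CFB container with a library such as olefile and look for the EncryptedPackage stream.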