Malicious Word Document with Dynamic Content (Wed, Sep 23rd)

Here is another malicious Word document that I spotted while hunting. “Another one?” some of our readers may ask. Indeed, but malicious documents remain a very common infection vector and you learn a lot when you analyze them. I was recently asked to talk about PowerShell (de)obfuscation techniques. When you’re dealing with an incident in a corporate environment, you don’t have time to investigate in depth. The incident must be resolved as soon as possible because the business must go on, and a classic sandbox analysis is performed to get the feedback: is it malicious or not?

Article Link: https://isc.sans.edu/diary/rss/26590