Monday, May 18, 2020

Another Maldoc Analysis Article

19 May 2020

Recently, I have dived headfirst into learning about how adversaries use the Microsoft binary MSBuild. When I came across an interesting malicious document that made use of MSBuild in its execution chain, I had to take it apart and see what I could find.

This blog will cover the investigation of the following document:

File name: "home working guidelines.wbk"
SHA256: BB0FFC8CD1FC4D83510AE0F5D6DE5FA471C49067DD4479307EF5321883660B6F
MD5: 743F9956DAB862CEE41098AFF054BFDA
URL: https://app.any.run/tasks/41fcc642-2a73-42ab-9e6a-cc7f0d8f3423/
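Before digging into a sample like this, the first triage step is confirming that the file on disk is the one the indicators describe. The following is an added example, not code from the original post: it hashes a file in chunks with the same two algorithms listed above and reports which of the post's indicators it matches, comparing case-insensitively because published hashes are often upper-case while hashlib emits lower-case hex. The file path and the sample bytes used for testing are assumptions; the hash values are the ones given in the post.

```python
import hashlib

# Indicators as published in the post (values from the page, not constructed).
IOC_HASHES = {
    "sha256": "BB0FFC8CD1FC4D83510AE0F5D6DE5FA471C49067DD4479307EF5321883660B6F",
    "md5": "743F9956DAB862CEE41098AFF054BFDA",
}


def hash_bytes(data: bytes) -> dict:
    """Return lower-case hex digests of an in-memory buffer for every IoC algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk in 1 MiB chunks so large samples do not have to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def matches_ioc(digests: dict, iocs: dict = IOC_HASHES) -> list:
    """Return the algorithm names whose digest equals the published indicator.

    Comparison is case-insensitive; a mismatch on one algorithm while another
    matches would indicate a typo in the indicator list and is worth flagging.
    """
    return [
        algo
        for algo, expected in iocs.items()
        if digests.get(algo, "").lower() == expected.lower()
    ]


if __name__ == "__main__":
    # Hypothetical path to the sample in an analysis VM (assumption, not from the post).
    sample_path = "samples/home working guidelines.wbk"
    digests = hash_file(sample_path)
    for algo, value in digests.items():
        print(f"{algo}: {value}")
    print("matching indicators:", matches_ioc(digests) or "none")
```

Run it against the sample in an isolated analysis VM; if the list of matching indicators is empty, the file you have is not the one the post analyses, and any behaviour you observe should not be attributed to this document.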
