DOCGuard is a mail security tool with advanced features. It provides fast and effective analysis of malicious files, keeping users safe from cyber threats. Its structure-based analysis capability offers a speed advantage over other sandbox and analysis tools, so it … Read More
Blog
Deep Dive: Analysis of Shell Link (.lnk) Files
.lnk files, commonly known as shortcuts, allow a specific application to run. Usually, users can safely access these files on their computers and run them correctly. However, malicious actors have the potential to use these files to trick users into … Read More
Analysis of Malicious Word Document: Python Based Malware Targeting Browser Data
In our recent investigations, we have identified a stealer malware spreading through Word documents. Despite its seemingly simple operation, the malware drew our attention when it received a detection score of 4/67 on VirusTotal. Once installed on a compromised computer, … Read More
Quick Analysis of SSLoad Malware Infection Chain
SSLoad is a malware family classified as an advanced persistent threat (APT) and is primarily used for cyber espionage. This sophisticated malware stands out due to its modular structure and complex attack techniques. It typically infiltrates target systems through phishing … Read More
Analysis of Agent Tesla: Malicious Excel File
Agent Tesla first emerged in 2014 and has since undergone numerous updates, continuously evolving to evade detection and enhance its capabilities. Initially, it was a relatively simple keylogger and information stealer. However, over the years, it has transformed into a … Read More
Microsoft Compiled HTML Help (.chm) Using In Spearphishing Attack
CHM, or Microsoft Compiled HTML Help, is a proprietary format for online help files used in Windows applications. Microsoft introduced it as a successor to the earlier HLP (WinHelp) format. CHM files are commonly used to provide software application documentation, … Read More
The New AV Bypass Technique: Embedded Malicious Word in PDF File
Attackers can create files with a PDF signature by manipulating the file structure to bypass AVs. An MHT file created in Word and containing macros is embedded in a PDF file. Then, when this file is recognized as a PDF, … Read More
Unraveling Obfuscated Macros in Office Files:A Step-by-Step Guide
Phishing attacks are one of the most common security threats in the digital world today. In recent years, there has been a trend of malicious actors using Office files to make their targets more sophisticated. Office files are files that … Read More
Rise of OneNote Documents for Phishing Attacks
OneNote is a digital notebook created by Microsoft that can be used through Microsoft 365product suite. Security researchers have discovered that attackers are using Microsoft OneNoteto deliver malware. OneNote has been used to steal data and provide remote access to … Read More
Royal Road is still in use!!
Recently, DOCGuard has identified several RTF samples uploaded to our cloud. Upon further investigation, it has been determined that these samples are associated with the RoyalRoad tool. Royal Road tool: RoyalRoad is a highly sophisticated hacking tool that has been … Read More
In-Depth Analysis of Typhon Stealer
DOCGuard Research team identified a new sample of stealer malware called Typhon Stealer, which has a list of capabilities to steal information from systems. In the first version of Typhon stealer, based on a source code of StormKitty stealer malware … Read More