Blog

Deep Dive: Analysis of Shell Link (.lnk) Files

Posted by Ali Paşa Turhan on 9 July 2023 | Featured

.lnk files, commonly known as shortcuts, allow a specific application to run. Usually, users can safely access these files on their computers and run them correctly. However, malicious actors have the potential to use these files to trick users into … Read More

Tags: LNK Structure, Malicious LNK

How to Use DOCGuard

Posted by Ali Paşa Turhan on 3 January 2024 | Featured

DOCGuard is a mail security tool with advanced features. It provides fast and effective analysis of malicious files, keeping users safe from cyber threats. Its structure-based analysis capability offers a speed advantage over other sandbox and analysis tools, so it … Read More

Microsoft Compiled HTML Help (.chm) Using In Spearphishing Attack

Posted by Ali Paşa Turhan on 4 October 2023 | Featured

CHM, or Microsoft Compiled HTML Help, is a proprietary format for online help files used in Windows applications. Microsoft introduced it as a successor to the earlier HLP (WinHelp) format. CHM files are commonly used to provide software application documentation, … Read More

The New AV Bypass Technique: Embedded Malicious Word in PDF File

Posted by Ali Paşa Turhan on 29 August 2023 | Featured

Attackers can create files with a PDF signature by manipulating the file structure to bypass AVs. An MHT file created in Word and containing macros is embedded in a PDF file. Then, when this file is recognized as a PDF, … Read More

Unraveling Obfuscated Macros in Office Files:A Step-by-Step Guide

Posted by Ali Paşa Turhan on 7 July 2023 | Featured

Phishing attacks are one of the most common security threats in the digital world today. In recent years, there has been a trend of malicious actors using Office files to make their targets more sophisticated. Office files are files that … Read More

Tags: Obfuscated File

Rise of OneNote Documents for Phishing Attacks

Posted by docguard on 20 March 2023 | Featured

OneNote is a digital notebook created by Microsoft that can be used through Microsoft 365product suite. Security researchers have discovered that attackers are using Microsoft OneNoteto deliver malware. OneNote has been used to steal data and provide remote access to … Read More

Royal Road is still in use!!

Posted by docguard on 25 January 2023 | Featured

Recently, DOCGuard has identified several RTF samples uploaded to our cloud. Upon further investigation, it has been determined that these samples are associated with the RoyalRoad tool. Royal Road tool: RoyalRoad is a highly sophisticated hacking tool that has been … Read More

In-Depth Analysis of Typhon Stealer

Posted by docguard on 1 December 2022 | Featured

DOCGuard Research team identified a new sample of stealer malware called Typhon Stealer, which has a list of capabilities to steal information from systems. In the first version of Typhon stealer, based on a source code of StormKitty stealer malware … Read More

LockBit3.0 Manual Analysis

Posted by docguard on 8 November 2022 | Featured

LockBit 3.0 (also known as LockBit Black) is a strain of ransomware borne from the LockBit ransomware family. This is a group of ransomware programs that was first discovered in September 2019, after the first wave of attacks took place. … Read More

LNK file-based Attacks Are on The Rise

Posted by docguard on 27 October 2022 | Featured

Introduction After Microsoft disabled the macros in Microsoft Office, criminals started to look for new techniques to beat security defenses and make it harder to detect malware and hide it from security solutions. LNK attack is one of the powerful … Read More

#APT Attack Targeting Russia

Posted by docguard on 20 October 2022 | Featured

Today, we identified a sample uploaded to DOCGuard that targets Russia. This file uses template injection to connect to C2 and download the next stage. What is a template injection? Microsoft Word has a feature where a user can create … Read More