Loading…
Botconf 2018 has ended
Back To Schedule
Thursday, December 6 • 10:20 - 10:50
Stagecraft of Malicious Office Documents – A Look at Recent Campaigns

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Malicious office documents have become a favorite malware delivery tool for malware authors. We have observed an increase in use of malicious documents over past 4 years. 30% of the malware blocked by Zscaler Cloud Sandbox since 2017 are malicious office documents. Malicious office documents are used for the delivery of crimeware payloads and are also often involved in Advanced Persistent Threats (APT) attacks. Over the time, these malicious office documents have used various obfuscation, encryption and evasion techniques to prevent detection. In this paper, we will provide a detailed analysis of different obfuscation, encryption, exploits and evasion techniques used in these malicious documents. We have analyzed over one thousand malicious documents from fifty different campaigns for this study. This research paper also lists the different malware samples delivered by these malicious documents and the use of powershell as well as other scripting languages.



Speakers
DD

Deepen DESAI

Zscaler
Deepen Desai is responsible for running the security research operations at Zscaler ThreatLabZ. Deepen has been actively involved in the field of Threat Research and Analysis from past 15 years. He is passionate about building new detection modules to counter evolving threat landscape... Read More →
avatar for Tarun DEWAN

Tarun DEWAN

Zscaler Softech India Pvt Ltd
I am working in malware analysis industry from last 6.8yrs. Currently I am in Zscaler as Sr.Senior Security Researcher and previously I worked with Norman and Mcafee. In my free time I love to play cricket and listen songs.
DN

Dr. Nirmal SINGH

Sr. Manager, Security Research, Zscaler
Nirmal Singh is Sr. Manager for security research team at Zscaler ThreatLabZ located at Chandigarh, India. Nirmal has PhD in computer science and working in Threat Research and Analysis field from past 10 years. He oversees malware research, detection and innovation at Zscaler. Prior... Read More →


Thursday December 6, 2018 10:20 - 10:50 CET
Auditorium Marthe Condat 118 Route de Narbonne, 31400 Toulouse, France