So today I wanted to analyze a Microsoft Word document I downloaded from 0xffff0800 .onion website http://iec56w4ibovnb4wc.onion and just go through some quick triage steps to strip out some Indicators of Compromise (IOC's) if you needed to start scanning your environment quickly. So as usual, when I pull down a sample I will transfer it … Continue reading APT34 OilrigThreeDollarsMacro.doc Analysis

Today I wanted to do a blog post on a malicious Microsoft Word Document that I pulled down from http://iec56w4ibovnb4wc.onion, this is @0xffff0800 repository of malware. It is definitely an excellent resource of malware. So far from what I can tell in my analysis is that this Word document is a downloader, but with that … Continue reading MagicHoundAPT34 Word Doc Analysis