“Nothing made by a human can avoid personal expression” (Hrant Papazian). Anomali Labs has conducted an in-depth study of Rich Text Format (RTF) phishing attachments and identified four key ways to perform attribution of targeted exploits: analyzing the metadata, obfuscation, shellcode, and object dimensions of a phishing attachment. This presentation will rank RTF attribution methods and present a use case where a single RTF object dimension was used to track 5 Chinese Advanced Persistent Threats (APTs) over the course of two years.
Audiences will learn that weaponization is a difficult kill-chain phase to gain visibility into. However, these methods, especially tracking object dimensions, can facilitate the tracking and attribution of RTF phishing weaponizers to major APT adversaries. This will empower attendees to become the Phishing Guardians of their Network Galaxy.
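One way to pull object dimensions out of a set of RTF samples and group the files that share them, as an added example that is not Anomali's tooling or code from the presentation. It assumes the dimensions in question are the `\objw` and `\objh` control words (object width and height, in twips) on each `\object` group, does not handle `\binN` raw data, and runs on constructed sample strings.

```python
import re
from collections import defaultdict

# RTF control word: backslash, ASCII letters, optional signed numeric parameter.
CTRL = re.compile(r"\\([a-zA-Z]+)(-?\d+)?")

def object_dimensions(rtf):
    """Return one (objw, objh) pair per \\object group, None for a missing value."""
    found, open_objs, depth, i = [], [], 0, 0   # open_objs: (group depth, dims)
    while i < len(rtf):
        ch = rtf[i]
        if ch == "\\":
            m = CTRL.match(rtf, i)
            if m is None:        # control symbol such as \{ \} \\ \* : skip it
                i += 2
                continue
            word, param = m.groups()
            if word == "object":
                open_objs.append((depth, {}))
            elif word in ("objw", "objh") and open_objs and param is not None:
                open_objs[-1][1].setdefault(word, int(param))  # keep first value
            i = m.end()
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            while open_objs and open_objs[-1][0] == depth:  # object group ends
                dims = open_objs.pop()[1]
                found.append((dims.get("objw"), dims.get("objh")))
            depth -= 1
        i += 1
    # Truncated or malformed files may never close the group; report them anyway.
    found += [(d.get("objw"), d.get("objh")) for _, d in open_objs]
    return found

def cluster_by_dimensions(samples):
    """Map each complete (objw, objh) pair to the sample names that carry it."""
    clusters = defaultdict(set)
    for name, rtf in samples.items():
        for dims in object_dimensions(rtf):
            if None not in dims:
                clusters[dims].add(name)
    return {dims: sorted(names) for dims, names in clusters.items()}

# Constructed samples, not real documents; the object data is a placeholder.
SAMPLES = {
    "a.rtf": r"{\rtf1{\object\objemb\objw2180\objh300{\*\objclass Package}{\*\objdata 0105}}}",
    "b.rtf": r"{\rtf1 text \{ {\object\objocx\objw2180\objh300{\*\objdata 0105",
    "c.rtf": r"{\rtf1{\object\objemb\objw9000\objh4500{\*\objdata 0105}}}",
}
```

Calling `cluster_by_dimensions(SAMPLES)` groups `a.rtf` and `b.rtf` under the same dimension pair even though `b.rtf` is truncated and uses a different object type.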