Attribution is in the Object: Using RTF Data to Become the Phishing Guardian of Your Network Galaxy

Detect ‘19 Series

ON-DEMAND WEBCAST


“Nothing made by a human can avoid personal expression” (Hrant Papazian). Anomali Labs has conducted an in-depth study of Rich Text Format (RTF) phishing attachments and identified four key ways to perform attribution of targeted exploits. Analysts can develop attribution by analyzing the metadata, obfuscation, shellcode, and object dimensions of a phishing attachment. This presentation will rank RTF attribution methods and present a use case where a single RTF object dimension was used to track 5 Chinese Advanced Persistent Threats (APTs) over the course of two years.

Audiences will learn that weaponization is a difficult kill-chain phase to gain visibility into. However, these methods, especially tracking object dimensions, can facilitate the tracking and attribution of RTF phishing weaponizers to major APT adversaries. This will empower attendees to become the Phishing Guardians of their Network Galaxy.

Watch the on-demand webcast led by Ghareeb Saad, Principal Security Researcher at Anomali, and Michael Raggi, Senior Threat Research Engineer at Proofpoint.
