SOC Analyst Training: How to Analyze Malicious PDFs

26 May 2024
12,601 views

Learn the tools and techniques that can help you identify and analyze malicious PDF files - start at 15:16 to jump into the details about static and dynamic analysis (with examples).
Phishing campaigns remain one of the most popular methods threat actors use to get into a victim's system. These attacks usually rely on carefully crafted lure messages and documents that trick users into opening them and clicking links, which allows malicious code to execute.
PDF files are cross-platform and support links, images, and fonts, which makes the format very attractive to cyber criminals: they can create documents that look legitimate and trick victims into engaging with them.
One of the challenges incident response teams face after an endpoint is compromised is quickly identifying and classifying the files the threat actors used. The collected evidence contains thousands of files of different types, which makes them harder to inspect. PDF files make the process especially time consuming: they are widely used in most environments, yet they can carry malicious code that is hidden and encrypted inside the file's streams.
In this webinar we show:
- Overview of the PDF file format
- Attack vectors and techniques using PDF files
- How investigators can detect and analyze potentially harmful PDF files
- Learn how Intezer analyzes all types of files and helps in malware analysis investigations
- A live demo of analyzing PDF files using open-source tools. We will work on files that were used in several phishing attacks that eventually infected the victims with backdoors and information stealing malware
SHA256, MD5, and more about each of the examples here:
Example 1: analyze.intezer.com/analyses/...
Example 2: analyze.intezer.com/analyses/...
Example 3: analyze.intezer.com/analyses/...
Example 4: analyze.intezer.com/analyses/...

Comments
  • Great dissection of the PDF file from scratch to top, looking for more new videos as well on OneNote, WSF, jar etc.

    @yashgoldsmith9810, 10 months ago
  • Great explanation of PDF analysis, thanks!

    @okhosting, 2 years ago
  • thanks for posting this!

    @MultiBiggie007, 1 year ago
    • Our pleasure!

      @Intezer, 1 year ago
  • Thank you!

    @haciemredasgin2323, 1 year ago
  • Great stuff

    @FearBoo, 1 year ago
  • You guys are awesome!

    @x0rZ15t, 2 years ago
    • Thank you 🙏

      @Intezer, 2 years ago
  • Awesome

    @satishkumar7359, 1 year ago
  • Thanks for the video. Q: where can we find these samples?

    @incident_responder, 6 months ago