SecPriv/malwaredocumentanalysis

Related Publication

Authors: Aakanksha Saha, Jorge Blasco, Martina Lindorfer

Abstract: Despite being the most common initial attack vector, document-based malware delivery remains understudied compared to research on malicious executables. The focus on analyzing executables limits our understanding of how attackers leverage document file formats and exploit their functionalities for malicious purposes. In this paper, we perform a measurement study that leverages existing tools and techniques to detect, extract, and analyze malicious Office documents. We collect a substantial dataset of 9,086 malicious samples and reveal a critical gap in the understanding of how attackers utilize these documents. Our in-depth analysis highlights emerging tactics used in both targeted and large-scale cyberattacks while identifying weaknesses in common document analysis methods. Through a combination of analysis techniques, we gain crucial insights valuable for forensic analysts to assess suspicious files, pinpoint infection origins, and ultimately contribute to the development of more robust detection models. We make our dataset and source code available to the academic community to foster further research in this area.

About

Analysis of malicious documents
