We are excited to announce our integration with DOCGuard for the analysis of
Office documents, PDFs and other file
types as a behavioral analysis engine. This document analysis collaboration will
allow the community to get the another opinion on the scanned
documents.
In their own words:
DOCGuard is a malware analysis service, whose main use case
is to integrate with SEGs (Secure Email Gateways) and SOAR
solutions.
The service performs a new kind of static analysis called
structural analysis. The structural analysis dissembles the
malwares and passes it to the core engines with respect to
file structure components. By the aid of this approach,
DOCGuard can precisely detect the malwares and extract the
F/P free IOCs and may also identify obfuscation and
encryption in the form of string encoding and document
encryption.
The currently supported file types are Microsoft Office
Files, PDFs, HTMLs, HTMs, LNKs, JScripts, ISOs, IMGs, VHDs,
VCFs, and archives(.zip, .rar, .7z etc.). The detailed
findings of the structural analysis are presented in an
aggregated view in the GUI and can be downloaded as a JSON
report and can also be gathered over API.
Going further, users can explore the behavior tab of the file
scanned for more details. In the example below, we see a
detected macro of a malicious Excel XLS file
Read the original article: