Malicious RTF — malware analysis report

Static analysis result for SHA-256 cfc2c20a9da5ecd7…

Verdict: MALICIOUS
File type: RTF
Size: 1.73 MB
Created: 2016-11-08 16:35:00
First seen: 2020-12-25
MD5: f6b2ef4daf1b78802548d3e6d4de7ba7
SHA-1: 5d845614fe19e9b2a82bbe8df871f63a0b8b6418
SHA-256: cfc2c20a9da5ecd72591c461b36da6558395ad4029d6aa9d96948502995b4559
Risk score: 102

Heuristics (4)

  • URL Moniker in RTF OLE object  [severity: high, CVE related]  rule: RTF_URL_MONIKER_RELATED
    RTF contains a URL Moniker GUID in OLE object context, but no decoded remote target was confirmed. Treat as related OLE2Link attack-surface evidence rather than proof of CVE-2017-0199 exploitation.
  • Large hex data blocks in OLE object  [severity: high]  rule: RTF_EXCESSIVE_HEX
    RTF contains ~1526KB of hex-encoded data inside \objdata sections — may hide a payload
  • OLE object data  [severity: medium]  rule: RTF_OBJDATA
    RTF contains 1 \objdata section(s) — embedded OLE objects
  • Embedded URL  [severity: info]  rule: EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL  /  Channel
    • http://www.submarineinstitute.com/userfiles/Image/2016-shine-dome-gold-sponsor-hero.png  In RTF body
    • http://www.submarineinstitute.com/SRA.html?fp=61  In RTF body
    • http://www.submarineinstitute.com/MacTaggart-Scott.html?fp=61  In RTF body
    • http://www.boathousebythelake.com.au/cocktail-events/  In RTF body
    • http://www.marisepayne.com/  In RTF body
    • http://www.submarineinstitute.com/Sonartech-Atlas.html?fp=61  In RTF body
    • http://www.navy.gov.au/biography/commodore-peter-scott  In RTF body
    • http://www.submarineinstitute.com/CivMec.html?fp=61  In RTF body
    • https://www.aspi.org.au/research/find-an-expert/andrew-davies  In RTF body
    • http://www.submarineinstitute.com/defencesa.html?fp=61  In RTF body
    • http://www.submarineinstitute.com/DMTC.html?fp=61  In RTF body
    • http://moadoph.gov.au/collection/the-building/kings-hall/  In RTF body
    • http://www.submarineinstitute.com/AECOM.html?fp=61  In RTF body
    • http://www.submarineinstitute.com/PMB-Defence.html?fp=61  In RTF body
    • http://collection.moadoph.gov.au/rooms/m513/  In RTF body
    • http://www.submarineinstitute.com/JEDS.html?fp=61  In RTF body
    • http://www.defence.gov.au/casg/Multimedia/Coles_Report_Final_22Nov12-9-7738.pdf  In RTF body
    • http://www.submarineinstitute.com/sponsorship-and-advertising.html  In RTF body
    • http://Ajilon.html?fp=61  In RTF body
    • http://www.submarineinstitute.com/APCT.html?fp=61  In RTF body
    • http://www.aph.gov.au/Senators_and_Members/Parliamentarian?MPID=HWQ  In RTF body
    • http://schemas.microsoft.com/office/word/2003/wordml  In RTF body
    • https://www.google.com.au/maps/place/The+Boat+House+by+the+Lake/@-35.304531,149.150348,15z/data=%214m2%213m1%211s0x0:0x7b623178fecbba8b?sa=X&ved=0ahUKEwiKzM2ItOfNAhUINpQKHdqhALkQ_BIIeTAK  In RTF body
    • https://en.wikipedia.org/wiki/Tim_Barrett_%28admiral%29  In RTF body
    • http://www.navy.mil/navydata/bios/navybio.asp?bioID=635  In RTF body
    • https://en.wikipedia.org/wiki/Chris_Uhlmann  In RTF body
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#  In RTF body
    • http://purl.org/dc/elements/1.1  In RTF body
    • http://flex.apache.org/  In RTF body
    • http://www.adobe.com/2006/flex/mx/internal  In RTF body
    • http://adobe.com/AS3/2006/builtin  In RTF body

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: objdata_00_off00003844.bin
Kind: rtf-objdata-decoded
Source: RTF \objdata at offset 0x3844
Size: 7926 bytes
SHA-256: d811f6b480e95d676bb3ebec1bad22371b24c143a343d7ca532c441b50c4bae5