Blind DOCtor

Introducing the Blind DOCtor

Microsoft Office files are often trojanised to deliver malicious payloads in various campaigns. The more you study these campaigns, the more you see the same templates popping up.

The Blind DOCtor extracts these visual templates and uses them to correlate the families. In the mean time, it extracts further artefacts from the files using static analysis.

Read more about the concept or the core publication

Analyse a file

Scan a Microsoft Office file for possible malicious indicators and correlate it with malware families.


Allowed extensions: doc, docx, xls, xlsm, xlsx, docm, xlsb (RTF support to come...) Maximum filesize: 3MB

Policy: By uploading you agree to the processing of your file and using it for extracting templates for other malicious MS Office documents and sharing it with others.

Analysed files: 1309