Threat Hunting
in the post-macro world

How to formulate threat hunting success by turning unknown malware threats into contextual threat intelligence.


Unlock the full potential of your Threat Hunting efforts. Discover the necessity of threat hunting, build iterative loops for effective hunting, and leverage advanced threat analysis for comprehensive insights.

Explore the dangers of office macros and understand the evolving threat landscape after Microsoft’s macro block. From emerging file types to new threat vectors, gain the skills to navigate and proactively protect your organization.

Section 1

Why do we need Threat Hunting?

Explore the importance of threat hunting in today’s dynamic digital landscape.

As organizations face the ever-evolving challenges posed by cybercriminals, it becomes imperative to understand why threat hunting is a critical component of proactive defense. In the following chapters, we will delve into the relevance and significance of embracing the changing threat landscape and the unique challenges that come with it.

In Chapter 1, we will explore the relevance of threat hunting in the context of tackling new and emerging threats. In Chapter 2, we will delve into the the need for productive and iterative loops to effectively respond to emerging threats.

Section 2

Threat Analysis for threat hunting

Discover the significant advantages of leveraging threat analysis in your threat hunting endeavors. Uncover the contextual insights that allow you to understand existing threats within your environment. Accelerate and enhance alert enrichment processes by uncovering previously unseen malware and its behavior.

Stay proactive by monitoring and identifying shifts in prevalent malware families. Embrace the power of automation to optimize workflows and effectively handle the influx of alerts. Elevate your threat hunting capabilities with comprehensive threat analysis and unlock greater protection against emerging cyber threats.

Section 3

Macros – what are the and why are they dangerous?

In today’s cybersecurity landscape, it is crucial to comprehend the significance of macros and their potential risks. Macros, scripting languages embedded in Microsoft Office products, provide a powerful tool for executing programs. While they offer convenience and automation, they can also be exploited by threat actors to launch malicious attacks. In this section, we delve into the intricacies of macros, shedding light on their functionality and exploring the inherent dangers they pose. By gaining a deeper understanding of macros, their capabilities, and associated risks, you can navigate this complex terrain and bolster your defenses against evolving cyber threats.

Chapter 5: 
Understanding macros: a background

Chapter 6: 
Why can macros be dangerous

Section 4

The post-macro world

Let’s explore how the threat landscape evolves after Microsoft’s macro-blocking update.

Discover the risks associated with macros, the changes made by Microsoft, and how threat actors are adapting by exploring new file types. 

Chapter 7: 
What has Microsoft changed about Office macros?

Chapter 8: 
What’s next in the threat landscape

Chapter 9: 
What are LNK files and how do attackers use them?

Chapter 10: 
OneNote: a new attack vector

Section 5

How VMRay can help with your Threat Hunting – Demo

Join Fatih Akar, a cybersecurity expert from our team, as he takes you on a demo walkthrough of analyzing an LNK file—a popular choice among attackers in the post-macro world.

With our advanced threat analysis platform, he will showcase the depth and clarity of insights you can gain from each tab. Follow along as he performs a step-by-step analysis of a real malicious file sourced from the wild, unraveling its hidden secrets and equipping you with practical knowledge for effective threat hunting.

Gain firsthand experience of our platform’s capabilities and enhance your cybersecurity skills with this insightful demo.

Chapter 11: 
Analysis Walktrough

See VMRay in action.
Start maximizing the value of your threat hunting.

Further resources


Watch the full recording from the our webinar at SANS DFIR Summit.


Explore how you can improve the efficacy of threat hunting through VMRay.


Check the most advanced sandbox for analyzing malware and phishing.

Welcome to the playground.

Explore what you can do with VMRay.

Click on the yellow dots to check the report formats, see the overview, explore the network connections of the sample, malicious behavior, and relevant files, map the threat on MITRE ATT&CK Framework, analyze and download IOCs and artifacts.

The analysis report tabs are available both for VMRayDeepResponse and VMRayTotalInsight. The bundle of VMRay FinalVerdict and VMRayDeepResponse also offers access to the analysis report tabs.

We’re sorry. 

The interactive tour is not available on mobile devices.

Unveiling the power:
See our experts showcasing VMRay’s capabilities.

Analysis of a malicious file

Join Fatih Akar from the VMRay team as he provides a detailed walkthrough of a malicious LNK file, a prevalent attack vector since Microsoft’s Office macros block.

Gain valuable insights into each tab of our comprehensive analysis report and get a sneak peek into what you’ll be exploring.

Analysis of a malicious URL

Join Andrey Voitenko, an expert in advanced malware and phishing analysis from the VMRay team, as he demonstrates how to submit emails and URLs to the VMRay platform using built-in connectors.

Discover the capabilities of our new Automation Dashboard, enabling one-click automation with your existing EDR, SOAR, SIEM, and TIP tools. Monitor analysis data seamlessly from your VMRay dashboard and unlock new levels of efficiency in your security operations.

Integrating with existing tools

Watch Michael Bourton showcasing the seamless integration of VMRay platform with your existing security stacks.

Discover how effortlessly you can leverage unparalleled detection and analysis capabilities by utilizing dedicated connectors or our Rest API.

Experience VMRay in Action:
Explore Real-world Malware Analysis Reports

Get a firsthand look at the power and capabilities of the VMRay platform by delving into our sample malware and phishing analysis reports.

Immerse yourself in a range of report formats, providing comprehensive insights.

Dive into the overview, explore intricate network connections, analyze malicious behavior in detail, and map threats using the MITRE ATT&CK Framework. See the possibilities to download clear IOCs.

Uncover the capabilities that await you.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator