Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: SANS Internet Storm Center SANS Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Last Daily Podcast (Wed, Nov 24th):Improved YARA Maldoc Signature; Windows Installer 0-Day; VMWare VCenter Vulnerability

Latest Diaries

Video: YARA Rules for Office Maldocs

Published: 2021-11-28
Last Updated: 2021-11-28 00:02:27 UTC
by Didier Stevens (Version: 1)
0 comment(s)

In this video, I show and explain the YARA rules I covered in diary entries "Extra Tip For Triage Of MALWARE Bazaar's Daily Malware Batches" , "Simple YARA Rules for Office Maldocs" and "YARA Rule for OOXML Maldocs: Less False Positives".

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Keywords: yara video office maldoc
0 comment(s)

If you have more information or corrections regarding our diary, please share.

Top of page

Recent Diaries

Video: SANS Holiday Hack Challenge 2021 Q&A with Ed Skoudis
Nov 27th 2021
1 day ago by DidierStevens (0 comments)

Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090
Nov 26th 2021
2 days ago by Guy (0 comments)

YARA's Private Strings
Nov 25th 2021
2 days ago by DidierStevens (0 comments)

Phishing page hiding itself using dynamically adjusted IP-based allow list
Nov 24th 2021
4 days ago by Jan (0 comments)

YARA Rule for OOXML Maldocs: Less False Positives
Nov 23rd 2021
5 days ago by DidierStevens (0 comments)

Simple YARA Rules for Office Maldocs
Nov 22nd 2021
6 days ago by DidierStevens (0 comments)

Backdooring PAM
Nov 21st 2021
1 week ago by DidierStevens (0 comments)

View All Diaries →
Top of page

Latest Discussions

Dshield Sensor
created Jun 8th 2021
5 months ago by Rick (0 replies)

API port data
created Apr 25th 2021
7 months ago by JJ (1 reply)

RSS feed containing non-XML compatible characters
created Apr 14th 2021
7 months ago by Anonymous (1 reply)

Handler's Diary (Full text) RSS Feeds stopt working due to a typo
created Mar 5th 2021
8 months ago by bas.auer@auerplace.nl (0 replies)

port_scan issue in Snort3
created Feb 23rd 2021
9 months ago by astraea (0 replies)

View All Forums →
Top of page

Latest News

Top Diaries

Shadow IT Makes People More Vulnerable to Phishing
Nov 10th 2021
2 weeks ago by Xme (0 comments)

"Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934
Jul 22nd 2021
4 months ago by Johannes (0 comments)

Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
Jul 12th 2021
4 months ago by Johannes (0 comments)

DIY CD/DVD Destruction - Follow Up
Jul 4th 2021
4 months ago by DidierStevens (0 comments)

Downloader Disguised as Excel Add-In (XLL)
Nov 19th 2021
1 week ago by Xme (0 comments)