Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Xavier Mertens

Threat Level: green

Date	Author	Title
2022-07-10	Guy Bruneau	Excel 4 Emotet Maldoc Analysis using CyberChef
2022-07-07	Brad Duncan	Emotet infection with Cobalt Strike
2022-04-20	Brad Duncan	"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-04-06	Brad Duncan	Windows MetaStealer Malware
2022-03-25	Xavier Mertens	XLSB Files: Because Binary is Stealthier Than XML
2022-01-22	Xavier Mertens	Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2022-01-05	Xavier Mertens	Code Reuse In the Malware Landscape
2021-11-19	Xavier Mertens	Downloader Disguised as Excel Add-In (XLL)
2021-09-25	Didier Stevens	Strings Analysis: VBA & Excel4 Maldoc
2021-09-25	Didier Stevens	Video: Strings Analysis: VBA & Excel4 Maldoc
2021-09-23	Xavier Mertens	Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01	Brad Duncan	STRRAT: a Java-based RAT that doesn't care if you have Java
2021-03-03	Brad Duncan	Qakbot infection with Cobalt Strike
2021-02-28	Didier Stevens	Maldocs: Protection Passwords
2021-02-22	Didier Stevens	Unprotecting Malicious Documents For Inspection
2021-02-17	Brad Duncan	Malspam pushing Trickbot gtag rob13
2021-02-03	Brad Duncan	Excel spreadsheets push SystemBC malware
2021-01-20	Brad Duncan	Qakbot activity resumes after holiday break
2021-01-14	Bojan Zdrnja	Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2020-12-12	Didier Stevens	Office 95 Excel 4 Macros
2020-12-09	Brad Duncan	Recent Qakbot (Qbot) activity
2020-10-26	Didier Stevens	Excel 4 Macros: "Abnormal Sheet Visibility"
2020-08-26	Xavier Mertens	Malicious Excel Sheet with a NULL VT Score
2020-06-12	Xavier Mertens	Malicious Excel Delivering Fileless Payload
2020-06-01	Didier Stevens	XLMMacroDeobfuscator: An Update
2020-04-24	Xavier Mertens	Malicious Excel With a Strong Obfuscation and Sandbox Evasion
2020-04-05	Guy Bruneau	Maldoc XLS Invoice with Excel 4 Macros
2020-03-29	Didier Stevens	Obfuscated Excel 4 Macros
2020-03-09	Didier Stevens	Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06	Xavier Mertens	A Safe Excel Sheet Not So Safe
2020-02-24	Didier Stevens	Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23	Didier Stevens	Maldoc: Excel 4 Macros in OOXML Format
2019-11-08	Xavier Mertens	Microsoft Apps Diverted from Their Main Use
2019-03-25	Didier Stevens	"VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-23	Didier Stevens	"VelvetSweatshop" Maldocs
2019-03-17	Didier Stevens	Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16	Didier Stevens	Maldoc: Excel 4.0 Macros
2018-10-10	Xavier Mertens	New Campaign Using Old Equation Editor Vulnerability
2018-09-28	Xavier Mertens	More Excel DDE Code Injection
2018-05-22	Xavier Mertens	Malware Distributed via .slk Files
2018-02-02	Xavier Mertens	Simple but Effective Malicious XLS Sheet
2017-04-19	Xavier Mertens	Hunting for Malicious Excel Sheets
2015-05-15	Didier Stevens	Another Maldoc? I'm Afraid So...
2010-03-09	John Bambenek	March 2010 - Microsoft Patch Tuesday Diary
2009-07-13	Adrien de Beaupre	Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution