Internet Storm Center
Date | Author | Title
2023-02-05 | Didier Stevens | Video: Analyzing Malicious OneNote Documents
2023-02-01 | Didier Stevens | Detecting (Malicious) OneNote Files
2022-09-24 | Didier Stevens | Maldoc Analysis Info On MalwareBazaar
2022-09-16 | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin
2022-09-10 | Guy Bruneau | Phishing Word Documents with Suspicious URL
2022-09-09 | Didier Stevens | Maldoc With Decoy BASE64
2022-09-04 | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35)
2022-08-29 | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35)
2022-08-16 | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35)
2022-07-10 | Guy Bruneau | Excel 4 Emotet Maldoc Analysis using CyberChef
2022-06-12 | Didier Stevens | Quickie: Follina, RTF & Explorer Preview Pane
2022-06-06 | Didier Stevens | "ms-msdt" RTF Maldoc Analysis: oledump Plugins
2022-06-05 | Didier Stevens | Analysis Of An "ms-msdt" RTF Maldoc
2022-05-02 | Didier Stevens | Detecting VSTO Office Files With ExifTool
2022-04-24 | Didier Stevens | Analyzing a Phishing Word Document
2022-04-17 | Didier Stevens | Video: Office Protects You From Malicious ISO Files
2022-04-16 | Didier Stevens | Office Protects You From Malicious ISO Files
2022-04-10 | Didier Stevens | Video: Method For String Extraction Filtering
2022-04-09 | Didier Stevens | Method For String Extraction Filtering
2022-03-30 | Didier Stevens | Quickie: Parsing XLSB Documents
2022-03-27 | Didier Stevens | Video: Maldoc Cleaned by Anti-Virus
2021-11-28 | Didier Stevens | Video: YARA Rules for Office Maldocs
2021-11-23 | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives
2021-11-14 | Didier Stevens | Video: Obfuscated Maldoc: Reversed BASE64
2021-10-03 | Didier Stevens | Video: CVE-2021-40444 Maldocs: Extracting URLs
2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc
2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc
2021-09-22 | Didier Stevens | An XML-Obfuscated Office Document (CVE-2021-40444)
2021-09-19 | Didier Stevens | Video: Simple Analysis Of A CVE-2021-40444 .docx Document
2021-09-18 | Didier Stevens | Simple Analysis Of A CVE-2021-40444 .docx Document
2021-06-28 | Didier Stevens | CFBF Files Strings Analysis
2021-02-28 | Didier Stevens | Maldocs: Protection Passwords
2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post
2021-02-22 | Didier Stevens | Unprotecting Malicious Documents For Inspection
2021-02-21 | Didier Stevens | DDE and oledump
2021-01-24 | Didier Stevens | Video: Doc & RTF Malicious Document
2021-01-23 | Didier Stevens | CyberChef: Analyzing OOXML Files for URLs
2021-01-18 | Didier Stevens | Doc & RTF Malicious Document
2021-01-10 | Didier Stevens | Maldoc Analysis With CyberChef
2021-01-09 | Didier Stevens | Maldoc Strings Analysis
2020-12-24 | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor
2020-12-15 | Didier Stevens | Analyzing FireEye Maldocs
2020-11-22 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2020-10-31 | Didier Stevens | More File Selection Gaffes
2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility"
2020-08-31 | Didier Stevens | Finding The Original Maldoc
2020-08-29 | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot
2020-08-16 | Didier Stevens | Small Challenge: A Simple Word Maldoc - Part 3
2020-08-02 | Didier Stevens | Small Challenge: A Simple Word Maldoc
2020-07-12 | Didier Stevens | Maldoc: VBA Purging Example
2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload
2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update
2020-05-24 | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator
2020-04-26 | Didier Stevens | Video: Malformed .docm File
2020-04-18 | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store
2020-04-06 | Didier Stevens | Password Protected Malicious Excel Files
2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros
2020-04-04 | Didier Stevens | New Bypass Technique or Corrupt Word Document?
2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros
2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros
2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format
2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc
2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files
2019-12-16 | Didier Stevens | Malicious .DWG Files?
2019-12-14 | Didier Stevens | (Lazy) Sunday Maldoc Analysis: A Bit More ...
2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis
2019-08-15 | Didier Stevens | Analysis of a Spearphishing Maldoc
2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts
2019-07-06 | Didier Stevens | Malicious XSL Files
2019-07-05 | Didier Stevens | A "Stream O" Maldoc
2019-07-01 | Didier Stevens | Maldoc: Payloads in User Forms
2019-05-28 | Didier Stevens | Office Document & BASE64? PowerShell!
2019-05-01 | Didier Stevens | VBA Office Document: Which Version?
2019-04-27 | Didier Stevens | Quick Tip for Dissecting CVE-2017-11882 Exploits
2019-04-23 | Didier Stevens | Malicious VBA Office Document Without Source Code
2019-03-31 | Didier Stevens | Maldoc Analysis of the Weekend by a Reader
2019-03-25 | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis
2019-03-23 | Didier Stevens | "VelvetSweatshop" Maldocs
2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro
2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros
2019-02-27 | Didier Stevens | Maldoc Analysis by a Reader
2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents
2019-02-16 | Didier Stevens | Finding Property Values in Office Documents
2019-02-11 | Didier Stevens | Have You Seen an Email Virus Recently?
2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend
2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend
2019-01-26 | Didier Stevens | Video: Analyzing Encrypted Malicious Office Documents
2019-01-11 | Didier Stevens | Quick Maldoc Analysis
2019-01-07 | Didier Stevens | Analyzing Encrypted Malicious Office Documents
2019-01-02 | Didier Stevens | Maldoc with Nonfunctional Shellcode
2018-12-29 | Didier Stevens | Video: De-DOSfuscation Example
2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc
2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample
2018-12-03 | Didier Stevens | Word maldoc: yet another place to hide a command
2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation
2018-11-23 | Didier Stevens | Video: Dissecting a CVE-2017-11882 Exploit
2018-11-10 | Didier Stevens | Video: CyberChef: BASE64/XOR Recipe
2018-11-02 | Didier Stevens | TriJklcj2HIUCheDES decryption failed?
2018-10-16 | Didier Stevens | CyberChef: BASE64/XOR Recipe
2018-10-13 | Didier Stevens | Maldoc: Once More It's XOR
2018-10-01 | Didier Stevens | Decoding Custom Substitution Encodings with translate.py
2018-09-30 | Didier Stevens | When DOSfuscation Helps...
2018-08-25 | Didier Stevens | Microsoft Publisher malware: static analysis
2018-08-05 | Didier Stevens | Video: Maldoc analysis with standard Linux tools
2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation
2018-06-17 | Didier Stevens | Encrypted Office Documents
2018-02-02 | Xavier Mertens | Simple but Effective Malicious XLS Sheet
2018-01-28 | Didier Stevens | Is this a pentest?
2018-01-20 | Didier Stevens | An RTF phish
2018-01-02 | Didier Stevens | PDF documents & URLs: video
2017-12-31 | Didier Stevens | Analyzing TNEF files
2017-12-25 | Didier Stevens | Dealing with obfuscated RTF files
2017-12-24 | Didier Stevens | PDF documents & URLs: update
2017-12-23 | Didier Stevens | Encrypted PDFs
2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File
2017-12-18 | Didier Stevens | Phish or scam? - Part 2
2017-12-17 | Didier Stevens | Phish or scam? - Part 1
2017-12-09 | Didier Stevens | Sometimes it's a dud
2017-11-06 | Didier Stevens | Metasploit's Maldoc
2017-11-05 | Didier Stevens | Extracting the text from PDF documents
2017-11-04 | Didier Stevens | PDF documents & URLs
2017-09-10 | Didier Stevens | It is a resume - Part 3
2017-08-20 | Didier Stevens | It's Not An Invoice ...
2017-08-17 | Xavier Mertens | Maldoc with auto-updated link
2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey
2017-07-29 | Didier Stevens | Maldoc Submitted and Analyzed
2017-07-28 | Didier Stevens | Static Analysis of Emotet Maldoc
2017-07-15 | Didier Stevens | Office maldoc + .lnk
2017-07-10 | Didier Stevens | Basic Office maldoc analysis
2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique
2017-04-23 | Didier Stevens | Malicious Documents: A Bit Of News
2017-04-21 | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation
2017-03-05 | Didier Stevens | Another example of maldoc string obfuscation, with extra bonus: UAC bypass
2017-02-26 | Didier Stevens | CRA Maldoc Analysis
2016-12-24 | Didier Stevens | Pinging All The Way
2016-12-10 | Didier Stevens | Sleeping VBS Really Wants To Sleep
2016-12-05 | Didier Stevens | Hancitor Maldoc Videos
2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10
2016-11-12 | Didier Stevens | VBA Shellcode and EMET
2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video
2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls
2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis
2016-09-26 | Didier Stevens | VBA and P-code
2016-08-06 | Didier Stevens | rtfdump
2016-07-30 | Didier Stevens | rtfobj
2016-07-29 | Didier Stevens | Malicious RTF Files
2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later...
2016-03-29 | Didier Stevens | VBE: Encoded VBS Script
2016-02-21 | Didier Stevens | Tip: Quick Analysis of Office Maldoc
2016-01-11 | Didier Stevens | BlackEnergy .XLS Dropper
2015-12-26 | Didier Stevens | Malfunctioning Malware
2015-11-21 | Didier Stevens | Maldoc Social Engineering Trick
2015-09-19 | Didier Stevens | Don't launch that file Adobe Reader!
2015-08-26 | Didier Stevens | PDF + maldoc1 = maldoc2
2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So...
2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File
2015-04-10 | Didier Stevens | The Kill Chain: Now With Pastebin
2015-03-30 | Didier Stevens | YARA Rules For Shellcode
2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection