| Date | Author | Title |
|---|---|---|
| 2023-05-07 | Didier Stevens | Quickly Finding Encoded Payloads in Office Documents |
| 2023-02-05 | Didier Stevens | Video: Analyzing Malicious OneNote Documents |
| 2023-02-01 | Didier Stevens | Detecting (Malicious) OneNote Files |
| 2022-09-24 | Didier Stevens | Maldoc Analysis Info On MalwareBazaar |
| 2022-09-16 | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
| 2022-09-10 | Guy Bruneau | Phishing Word Documents with Suspicious URL |
| 2022-09-09 | Didier Stevens | Maldoc With Decoy BASE64 |
| 2022-09-04 | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-29 | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-16 | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35) |
| 2022-07-10 | Guy Bruneau | Excel 4 Emotet Maldoc Analysis using CyberChef |
| 2022-06-12 | Didier Stevens | Quickie: Follina, RTF & Explorer Preview Pane |
| 2022-06-06 | Didier Stevens | "ms-msdt" RTF Maldoc Analysis: oledump Plugins |
| 2022-06-05 | Didier Stevens | Analysis Of An "ms-msdt" RTF Maldoc |
| 2022-05-02 | Didier Stevens | Detecting VSTO Office Files With ExifTool |
| 2022-04-24 | Didier Stevens | Analyzing a Phishing Word Document |
| 2022-04-17 | Didier Stevens | Video: Office Protects You From Malicious ISO Files |
| 2022-04-16 | Didier Stevens | Office Protects You From Malicious ISO Files |
| 2022-04-10 | Didier Stevens | Video: Method For String Extraction Filtering |
| 2022-04-09 | Didier Stevens | Method For String Extraction Filtering |
| 2022-03-30 | Didier Stevens | Quickie: Parsing XLSB Documents |
| 2022-03-27 | Didier Stevens | Video: Maldoc Cleaned by Anti-Virus |
| 2021-11-28 | Didier Stevens | Video: YARA Rules for Office Maldocs |
| 2021-11-23 | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives |
| 2021-11-14 | Didier Stevens | Video: Obfuscated Maldoc: Reversed BASE64 |
| 2021-10-03 | Didier Stevens | Video: CVE-2021-40444 Maldocs: Extracting URLs |
| 2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-22 | Didier Stevens | An XML-Obfuscated Office Document (CVE-2021-40444) |
| 2021-09-19 | Didier Stevens | Video: Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-09-18 | Didier Stevens | Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-06-28 | Didier Stevens | CFBF Files Strings Analysis |
| 2021-02-28 | Didier Stevens | Maldocs: Protection Passwords |
| 2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-02-22 | Didier Stevens | Unprotecting Malicious Documents For Inspection |
| 2021-02-21 | Didier Stevens | DDE and oledump |
| 2021-01-24 | Didier Stevens | Video: Doc & RTF Malicious Document |
| 2021-01-23 | Didier Stevens | CyberChef: Analyzing OOXML Files for URLs |
| 2021-01-18 | Didier Stevens | Doc & RTF Malicious Document |
| 2021-01-10 | Didier Stevens | Maldoc Analysis With CyberChef |
| 2021-01-09 | Didier Stevens | Maldoc Strings Analysis |
| 2020-12-24 | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor |
| 2020-12-15 | Didier Stevens | Analyzing FireEye Maldocs |
| 2020-11-22 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format |
| 2020-10-31 | Didier Stevens | More File Selection Gaffes |
| 2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility" |
| 2020-08-31 | Didier Stevens | Finding The Original Maldoc |
| 2020-08-29 | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info |
| 2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-08-16 | Didier Stevens | Small Challenge: A Simple Word Maldoc - Part 3 |
| 2020-08-02 | Didier Stevens | Small Challenge: A Simple Word Maldoc |
| 2020-07-12 | Didier Stevens | Maldoc: VBA Purging Example |
| 2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
| 2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update |
| 2020-05-24 | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator |
| 2020-04-26 | Didier Stevens | Video: Malformed .docm File |
| 2020-04-18 | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store |
| 2020-04-06 | Didier Stevens | Password Protected Malicious Excel Files |
| 2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros |
| 2020-04-04 | Didier Stevens | New Bypass Technique or Corrupt Word Document? |
| 2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros |
| 2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros |
| 2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
| 2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format |
| 2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc |
| 2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-16 | Didier Stevens | Malicious .DWG Files? |
| 2019-12-14 | Didier Stevens | (Lazy) Sunday Maldoc Analysis: A Bit More ... |
| 2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-08-15 | Didier Stevens | Analysis of a Spearphishing Maldoc |
| 2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts |
| 2019-07-06 | Didier Stevens | Malicious XSL Files |
| 2019-07-05 | Didier Stevens | A "Stream O" Maldoc |
| 2019-07-01 | Didier Stevens | Maldoc: Payloads in User Forms |
| 2019-05-28 | Didier Stevens | Office Document & BASE64? PowerShell! |
| 2019-05-01 | Didier Stevens | VBA Office Document: Which Version? |
| 2019-04-27 | Didier Stevens | Quick Tip for Dissecting CVE-2017-11882 Exploits |
| 2019-04-23 | Didier Stevens | Malicious VBA Office Document Without Source Code |
| 2019-03-31 | Didier Stevens | Maldoc Analysis of the Weekend by a Reader |
| 2019-03-25 | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis |
| 2019-03-23 | Didier Stevens | "VelvetSweatshop" Maldocs |
| 2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro |
| 2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros |
| 2019-02-27 | Didier Stevens | Maldoc Analysis by a Reader |
| 2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents |
| 2019-02-16 | Didier Stevens | Finding Property Values in Office Documents |
| 2019-02-11 | Didier Stevens | Have You Seen an Email Virus Recently? |
| 2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend |
| 2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend |
| 2019-01-26 | Didier Stevens | Video: Analyzing Encrypted Malicious Office Documents |
| 2019-01-11 | Didier Stevens | Quick Maldoc Analysis |
| 2019-01-07 | Didier Stevens | Analyzing Encrypted Malicious Office Documents |
| 2019-01-02 | Didier Stevens | Maldoc with Nonfunctional Shellcode |
| 2018-12-29 | Didier Stevens | Video: De-DOSfuscation Example |
| 2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc |
| 2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample |
| 2018-12-03 | Didier Stevens | Word maldoc: yet another place to hide a command |
| 2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-11-23 | Didier Stevens | Video: Dissecting a CVE-2017-11882 Exploit |
| 2018-11-10 | Didier Stevens | Video: CyberChef: BASE64/XOR Recipe |
| 2018-11-02 | Didier Stevens | TriJklcj2HIUCheDES decryption failed? |
| 2018-10-16 | Didier Stevens | CyberChef: BASE64/XOR Recipe |
| 2018-10-13 | Didier Stevens | Maldoc: Once More It's XOR |
| 2018-10-01 | Didier Stevens | Decoding Custom Substitution Encodings with |
| 2018-09-30 | Didier Stevens | When DOSfuscation Helps... |
| 2018-08-25 | Didier Stevens | Microsoft Publisher malware: static analysis |
| 2018-08-05 | Didier Stevens | Video: Maldoc analysis with standard Linux tools |
| 2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation |
| 2018-06-17 | Didier Stevens | Encrypted Office Documents |
| 2018-02-02 | Xavier Mertens | Simple but Effective Malicious XLS Sheet |
| 2018-01-28 | Didier Stevens | Is this a pentest? |
| 2018-01-20 | Didier Stevens | An RTF phish |
| 2018-01-02 | Didier Stevens | PDF documents & URLs: video |
| 2017-12-31 | Didier Stevens | Analyzing TNEF files |
| 2017-12-25 | Didier Stevens | Dealing with obfuscated RTF files |
| 2017-12-24 | Didier Stevens | PDF documents & URLs: update |
| 2017-12-23 | Didier Stevens | Encrypted PDFs |
| 2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File |
| 2017-12-18 | Didier Stevens | Phish or scam? - Part 2 |
| 2017-12-17 | Didier Stevens | Phish or scam? - Part 1 |
| 2017-12-09 | Didier Stevens | Sometimes it's a dud |
| 2017-11-06 | Didier Stevens | Metasploit's Maldoc |
| 2017-11-05 | Didier Stevens | Extracting the text from PDF documents |
| 2017-11-04 | Didier Stevens | PDF documents & URLs |
| 2017-09-10 | Didier Stevens | It is a resume - Part 3 |
| 2017-08-20 | Didier Stevens | It's Not An Invoice ... |
| 2017-08-17 | Xavier Mertens | Maldoc with auto-updated link |
| 2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey |
| 2017-07-29 | Didier Stevens | Maldoc Submitted and Analyzed |
| 2017-07-28 | Didier Stevens | Static Analysis of Emotet Maldoc |
| 2017-07-15 | Didier Stevens | Office maldoc + .lnk |
| 2017-07-10 | Didier Stevens | Basic Office maldoc analysis |
| 2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique |
| 2017-04-23 | Didier Stevens | Malicious Documents: A Bit Of News |
| 2017-04-21 | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation |
| 2017-03-05 | Didier Stevens | Another example of maldoc string obfuscation, with extra bonus: UAC bypass |
| 2017-02-26 | Didier Stevens | CRA Maldoc Analysis |
| 2016-12-24 | Didier Stevens | Pinging All The Way |
| 2016-12-10 | Didier Stevens | Sleeping VBS Really Wants To Sleep |
| 2016-12-05 | Didier Stevens | Hancitor Maldoc Videos |
| 2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-11-12 | Didier Stevens | VBA Shellcode and EMET |
| 2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls |
| 2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-09-26 | Didier Stevens | VBA and P-code |
| 2016-08-06 | Didier Stevens | rtfdump |
| 2016-07-30 | Didier Stevens | rtfobj |
| 2016-07-29 | Didier Stevens | Malicious RTF Files |
| 2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later... |
| 2016-03-29 | Didier Stevens | VBE: Encoded VBS Script |
| 2016-02-21 | Didier Stevens | Tip: Quick Analysis of Office Maldoc |
| 2016-01-11 | Didier Stevens | BlackEnergy .XLS Dropper |
| 2015-12-26 | Didier Stevens | Malfunctioning Malware |
| 2015-11-21 | Didier Stevens | Maldoc Social Engineering Trick |
| 2015-09-19 | Didier Stevens | Don't launch that file Adobe Reader! |
| 2015-08-26 | Didier Stevens | PDF + maldoc1 = maldoc2 |
| 2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So... |
| 2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File |
| 2015-04-10 | Didier Stevens | The Kill Chain: Now With Pastebin |
| 2015-03-30 | Didier Stevens | YARA Rules For Shellcode |
| 2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection |