Internet Storm Center
| Date | Author | Title |
|---|---|---|
| 2023-05-07 | Didier Stevens | Quickly Finding Encoded Payloads in Office Documents |
| 2023-02-05 | Didier Stevens | Video: Analyzing Malicious OneNote Documents |
| 2023-02-01 | Didier Stevens | Detecting (Malicious) OneNote Files |
| 2022-09-24 | Didier Stevens | Maldoc Analysis Info On MalwareBazaar |
| 2022-09-16 | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
| 2022-09-10 | Guy Bruneau | Phishing Word Documents with Suspicious URL |
| 2022-09-09 | Didier Stevens | Maldoc With Decoy BASE64 |
| 2022-09-04 | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-29 | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-16 | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35) |
| 2022-07-10 | Guy Bruneau | Excel 4 Emotet Maldoc Analysis using CyberChef |
| 2022-06-12 | Didier Stevens | Quickie: Follina, RTF & Explorer Preview Pane |
| 2022-06-06 | Didier Stevens | "ms-msdt" RTF Maldoc Analysis: oledump Plugins |
| 2022-06-05 | Didier Stevens | Analysis Of An "ms-msdt" RTF Maldoc |
| 2022-05-02 | Didier Stevens | Detecting VSTO Office Files With ExifTool |
| 2022-04-24 | Didier Stevens | Analyzing a Phishing Word Document |
| 2022-04-17 | Didier Stevens | Video: Office Protects You From Malicious ISO Files |
| 2022-04-16 | Didier Stevens | Office Protects You From Malicious ISO Files |
| 2022-04-10 | Didier Stevens | Video: Method For String Extraction Filtering |
| 2022-04-09 | Didier Stevens | Method For String Extraction Filtering |
| 2022-03-30 | Didier Stevens | Quickie: Parsing XLSB Documents |
| 2022-03-27 | Didier Stevens | Video: Maldoc Cleaned by Anti-Virus |
| 2021-11-28 | Didier Stevens | Video: YARA Rules for Office Maldocs |
| 2021-11-23 | Didier Stevens | YARA Rule for OOXML Maldocs: Less False Positives |
| 2021-11-14 | Didier Stevens | Video: Obfuscated Maldoc: Reversed BASE64 |
| 2021-10-03 | Didier Stevens | Video: CVE-2021-40444 Maldocs: Extracting URLs |
| 2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-22 | Didier Stevens | An XML-Obfuscated Office Document (CVE-2021-40444) |
| 2021-09-19 | Didier Stevens | Video: Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-09-18 | Didier Stevens | Simple Analysis Of A CVE-2021-40444 .docx Document |
| 2021-06-28 | Didier Stevens | CFBF Files Strings Analysis |
| 2021-02-28 | Didier Stevens | Maldocs: Protection Passwords |
| 2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-02-22 | Didier Stevens | Unprotecting Malicious Documents For Inspection |
| 2021-02-21 | Didier Stevens | DDE and oledump |
| 2021-01-24 | Didier Stevens | Video: Doc & RTF Malicious Document |
| 2021-01-23 | Didier Stevens | CyberChef: Analyzing OOXML Files for URLs |
| 2021-01-18 | Didier Stevens | Doc & RTF Malicious Document |
| 2021-01-10 | Didier Stevens | Maldoc Analysis With CyberChef |
| 2021-01-09 | Didier Stevens | Maldoc Strings Analysis |
| 2020-12-24 | Xavier Mertens | Malicious Word Document Delivering an Octopus Backdoor |
| 2020-12-15 | Didier Stevens | Analyzing FireEye Maldocs |
| 2020-11-22 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format |
| 2020-10-31 | Didier Stevens | More File Selection Gaffes |
| 2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility" |
| 2020-08-31 | Didier Stevens | Finding The Original Maldoc |
| 2020-08-29 | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info |
| 2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-08-16 | Didier Stevens | Small Challenge: A Simple Word Maldoc - Part 3 |
| 2020-08-02 | Didier Stevens | Small Challenge: A Simple Word Maldoc |
| 2020-07-12 | Didier Stevens | Maldoc: VBA Purging Example |
| 2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
| 2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update |
| 2020-05-24 | Didier Stevens | Zloader Maldoc Analysis With xlm-deobfuscator |
| 2020-04-26 | Didier Stevens | Video: Malformed .docm File |
| 2020-04-18 | Guy Bruneau | Maldoc Falsely Represented as DOCX Invoice Redirecting to Fake Apple Store |
| 2020-04-06 | Didier Stevens | Password Protected Malicious Excel Files |
| 2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros |
| 2020-04-04 | Didier Stevens | New Bypass Technique or Corrupt Word Document? |
| 2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros |
| 2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros |
| 2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
| 2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format |
| 2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc |
| 2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-16 | Didier Stevens | Malicious .DWG Files? |
| 2019-12-14 | Didier Stevens | (Lazy) Sunday Maldoc Analysis: A Bit More ... |
| 2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-08-15 | Didier Stevens | Analysis of a Spearphishing Maldoc |
| 2019-07-28 | Didier Stevens | Video: Analyzing Compressed PowerShell Scripts |
| 2019-07-06 | Didier Stevens | Malicious XSL Files |
| 2019-07-05 | Didier Stevens | A "Stream O" Maldoc |
| 2019-07-01 | Didier Stevens | Maldoc: Payloads in User Forms |
| 2019-05-28 | Didier Stevens | Office Document & BASE64? PowerShell! |
| 2019-05-01 | Didier Stevens | VBA Office Document: Which Version? |
| 2019-04-27 | Didier Stevens | Quick Tip for Dissecting CVE-2017-11882 Exploits |
| 2019-04-23 | Didier Stevens | Malicious VBA Office Document Without Source Code |
| 2019-03-31 | Didier Stevens | Maldoc Analysis of the Weekend by a Reader |
| 2019-03-25 | Didier Stevens | "VelvetSweatshop" Maldocs: Shellcode Analysis |
| 2019-03-23 | Didier Stevens | "VelvetSweatshop" Maldocs |
| 2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro |
| 2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros |
| 2019-02-27 | Didier Stevens | Maldoc Analysis by a Reader |
| 2019-02-17 | Didier Stevens | Video: Finding Property Values in Office Documents |
| 2019-02-16 | Didier Stevens | Finding Property Values in Office Documents |
| 2019-02-11 | Didier Stevens | Have You Seen an Email Virus Recently? |
| 2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend |
| 2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend |
| 2019-01-26 | Didier Stevens | Video: Analyzing Encrypted Malicious Office Documents |
| 2019-01-11 | Didier Stevens | Quick Maldoc Analysis |
| 2019-01-07 | Didier Stevens | Analyzing Encrypted Malicious Office Documents |
| 2019-01-02 | Didier Stevens | Maldoc with Nonfunctional Shellcode |
| 2018-12-29 | Didier Stevens | Video: De-DOSfuscation Example |
| 2018-12-17 | Didier Stevens | Password Protected ZIP with Maldoc |
| 2018-12-12 | Didier Stevens | Yet Another DOSfuscation Sample |
| 2018-12-03 | Didier Stevens | Word maldoc: yet another place to hide a command |
| 2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-11-23 | Didier Stevens | Video: Dissecting a CVE-2017-11882 Exploit |
| 2018-11-10 | Didier Stevens | Video: CyberChef: BASE64/XOR Recipe |
| 2018-11-02 | Didier Stevens | TriJklcj2HIUCheDES decryption failed? |
| 2018-10-16 | Didier Stevens | CyberChef: BASE64/XOR Recipe |
| 2018-10-13 | Didier Stevens | Maldoc: Once More It's XOR |
| 2018-10-01 | Didier Stevens | Decoding Custom Substitution Encodings with translate.py |
| 2018-09-30 | Didier Stevens | When DOSfuscation Helps... |
| 2018-08-25 | Didier Stevens | Microsoft Publisher malware: static analysis |
| 2018-08-05 | Didier Stevens | Video: Maldoc analysis with standard Linux tools |
| 2018-07-30 | Didier Stevens | Malicious Word documents using DOSfuscation |
| 2018-06-17 | Didier Stevens | Encrypted Office Documents |
| 2018-02-02 | Xavier Mertens | Simple but Effective Malicious XLS Sheet |
| 2018-01-28 | Didier Stevens | Is this a pentest? |
| 2018-01-20 | Didier Stevens | An RTF phish |
| 2018-01-02 | Didier Stevens | PDF documents & URLs: video |
| 2017-12-31 | Didier Stevens | Analyzing TNEF files |
| 2017-12-25 | Didier Stevens | Dealing with obfuscated RTF files |
| 2017-12-24 | Didier Stevens | PDF documents & URLs: update |
| 2017-12-23 | Didier Stevens | Encrypted PDFs |
| 2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File |
| 2017-12-18 | Didier Stevens | Phish or scam? - Part 2 |
| 2017-12-17 | Didier Stevens | Phish or scam? - Part 1 |
| 2017-12-09 | Didier Stevens | Sometimes it's a dud |
| 2017-11-06 | Didier Stevens | Metasploit's Maldoc |
| 2017-11-05 | Didier Stevens | Extracting the text from PDF documents |
| 2017-11-04 | Didier Stevens | PDF documents & URLs |
| 2017-09-10 | Didier Stevens | It is a resume - Part 3 |
| 2017-08-20 | Didier Stevens | It's Not An Invoice ... |
| 2017-08-17 | Xavier Mertens | Maldoc with auto-updated link |
| 2017-08-10 | Didier Stevens | Maldoc Analysis with ViperMonkey |
| 2017-07-29 | Didier Stevens | Maldoc Submitted and Analyzed |
| 2017-07-28 | Didier Stevens | Static Analysis of Emotet Maldoc |
| 2017-07-15 | Didier Stevens | Office maldoc + .lnk |
| 2017-07-10 | Didier Stevens | Basic Office maldoc analysis |
| 2017-04-28 | Xavier Mertens | Another Day, Another Obfuscation Technique |
| 2017-04-23 | Didier Stevens | Malicious Documents: A Bit Of News |
| 2017-04-21 | Xavier Mertens | Analysis of a Maldoc with Multiple Layers of Obfuscation |
| 2017-03-05 | Didier Stevens | Another example of maldoc string obfuscation, with extra bonus: UAC bypass |
| 2017-02-26 | Didier Stevens | CRA Maldoc Analysis |
| 2016-12-24 | Didier Stevens | Pinging All The Way |
| 2016-12-10 | Didier Stevens | Sleeping VBS Really Wants To Sleep |
| 2016-12-05 | Didier Stevens | Hancitor Maldoc Videos |
| 2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-11-12 | Didier Stevens | VBA Shellcode and EMET |
| 2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls |
| 2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-09-26 | Didier Stevens | VBA and P-code |
| 2016-08-06 | Didier Stevens | rtfdump |
| 2016-07-30 | Didier Stevens | rtfobj |
| 2016-07-29 | Didier Stevens | Malicious RTF Files |
| 2016-07-19 | Didier Stevens | Office Maldoc: Let's Focus on the VBA Macros Later... |
| 2016-03-29 | Didier Stevens | VBE: Encoded VBS Script |
| 2016-02-21 | Didier Stevens | Tip: Quick Analysis of Office Maldoc |
| 2016-01-11 | Didier Stevens | BlackEnergy .XLS Dropper |
| 2015-12-26 | Didier Stevens | Malfunctioning Malware |
| 2015-11-21 | Didier Stevens | Maldoc Social Engineering Trick |
| 2015-09-19 | Didier Stevens | Don't launch that file Adobe Reader! |
| 2015-08-26 | Didier Stevens | PDF + maldoc1 = maldoc2 |
| 2015-05-15 | Didier Stevens | Another Maldoc? I'm Afraid So... |
| 2015-05-09 | Didier Stevens | Malicious Word Document: This Time The Maldoc Is A MIME File |
| 2015-04-10 | Didier Stevens | The Kill Chain: Now With Pastebin |
| 2015-03-30 | Didier Stevens | YARA Rules For Shellcode |
| 2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection |