Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2022-10-27	Tom Webb	Supersizing your DUO and 365 Integration
2022-05-30	Xavier Mertens	New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-04-17	Didier Stevens	Video: Office Protects You From Malicious ISO Files
2022-04-16	Didier Stevens	Office Protects You From Malicious ISO Files
2021-12-19	Didier Stevens	Office 2021: VBA Project Version
2021-11-28	Didier Stevens	Video: YARA Rules for Office Maldocs
2021-11-23	Didier Stevens	YARA Rule for OOXML Maldocs: Less False Positives
2021-09-08	Johannes Ullrich	Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2020-12-12	Didier Stevens	Office 95 Excel 4 Macros
2020-11-08	Didier Stevens	Quick Tip: Extracting all VBA Code from a Maldoc
2020-09-23	Xavier Mertens	Malicious Word Document with Dynamic Content
2020-08-20	Rob VandenBrink	Office 365 Mail Forwarding Rules (and other Mail Rules too)
2020-02-21	Xavier Mertens	Quick Analysis of an Encrypted Compound Document Format
2019-12-28	Didier Stevens	Corrupt Office Documents
2019-12-09	Didier Stevens	(Lazy) Sunday Maldoc Analysis
2019-04-07	Guy Bruneau	Fake Office 365 Payment Information Update
2019-04-01	Didier Stevens	Analysis of PDFs Created with OpenOffice/LibreOffice
2018-12-13	Xavier Mertens	Phishing Attack Through Non-Delivery Notification
2018-10-10	Xavier Mertens	New Campaign Using Old Equation Editor Vulnerability
2018-09-04	Rob VandenBrink	Let's Trade: You Read My Email, I'll Read Your Password!
2018-05-25	Xavier Mertens	Antivirus Evasion? Easy as 1,2,3
2018-05-01	Xavier Mertens	Diving into a Simple Maldoc Generator
2017-12-16	Xavier Mertens	Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15	Xavier Mertens	If you want something done right, do it yourself!
2017-04-28	Xavier Mertens	Another Day, Another Obfuscation Technique
2017-01-31	Johannes Ullrich	Malicious Office files using fileless UAC bypass to drop KEYBASE malware
2016-09-30	Xavier Mertens	Another Day, Another Malicious Behaviour
2016-07-19	Didier Stevens	Office Maldoc: Let's Focus on the VBA Macros Later...
2016-01-24	Didier Stevens	Obfuscated MIME Files
2015-02-20	Tom Webb	Fast analysis of a Tax Scam
2015-02-19	Daniel Wesemann	Macros? Really?!
2014-07-10	Rob VandenBrink	Certificate Errors in Office 365 Today
2014-06-22	Russ McRee	OfficeMalScanner helps identify the source of a compromise
2013-11-05	Daniel Wesemann	TIFF images in MS-Office documents used in targeted attacks
2012-09-14	Lenny Zeltser	Analyzing Malicious RTF Files Using OfficeMalScanner's RTFScan
2012-06-04	Lenny Zeltser	Decoding Common XOR Obfuscation in Malicious Code
2011-01-28	Guy Bruneau	OpenOffice Security Fixes
2010-10-26	Pedro Bueno	Cyber Security Awareness Month - Day 26 - Sharing Office Files
2010-06-05	Guy Bruneau	OpenOffice.org 3.2.1 Fixes Bugs and Vulnerabilities
2010-02-22	Rob VandenBrink	Multiple Security Updates for OpenOffice ==> http://www.openoffice.org/security/bulletin.html
2010-01-08	Rob VandenBrink	Microsoft OfficeOnline, Searching for Trust and Malware
2009-07-16	Bojan Zdrnja	OWC exploits used in SQL injection attacks
2009-07-13	Adrien de Beaupre	Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution