Internet Storm Center
Handler on Duty: Didier Stevens
Threat Level: green
Date | Author | Title
2022-09-16 | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin
2022-09-04 | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35)
2022-08-29 | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35)
2022-08-16 | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35)
2022-07-24 | Didier Stevens | Video: Maldoc: non-ASCII VBA Identifiers
2022-07-21 | Didier Stevens | Maldoc: non-ASCII VBA Identifiers
2022-03-05 | Didier Stevens | oledump's Extra Option
2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-19 | Didier Stevens | Office 2021: VBA Project Version
2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc
2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc
2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-04-26 | Didier Stevens | CAD: .DGN and .MVBA Files
2021-04-23 | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal!
2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus
2021-02-02 | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220"
2020-11-22 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2020-11-15 | Didier Stevens | oledump's ! Indicator
2020-11-08 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc
2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content
2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document
2020-08-31 | Didier Stevens | Finding The Original Maldoc
2020-08-29 | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-26 | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score
2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols
2020-07-26 | Didier Stevens | Cracking Maldoc VBA Project Passwords
2020-07-13 | Didier Stevens | VBA Project Passwords
2020-07-12 | Didier Stevens | Maldoc: VBA Purging Example
2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2019-12-28 | Didier Stevens | Corrupt Office Documents
2019-12-23 | Didier Stevens | New oledump.py plugin: plugin_version_vba
2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files
2019-12-16 | Didier Stevens | Malicious .DWG Files?
2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis
2019-05-01 | Didier Stevens | VBA Office Document: Which Version?
2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend
2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend
2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation
2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware
2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15 | Xavier Mertens | If you want something done right, do it yourself!
2017-11-07 | Xavier Mertens | Interesting VBA Dropper
2017-02-26 | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment
2016-12-24 | Didier Stevens | Pinging All The Way
2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10
2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video
2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls
2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis
2016-09-26 | Didier Stevens | VBA and P-code
2016-03-07 | Xavier Mertens | Another Malicious Document, Another Way to Deliver Malicious Code
2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection