Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
2022-09-16	Didier Stevens	Word Maldoc With CustomXML and Renamed VBAProject.bin
2022-09-04	Didier Stevens	Video: VBA Maldoc & UTF7 (APT-C-35)
2022-08-29	Didier Stevens	Update: VBA Maldoc & UTF7 (APT-C-35)
2022-08-16	Didier Stevens	VBA Maldoc & UTF7 (APT-C-35)
2022-07-24	Didier Stevens	Video: Maldoc: non-ASCII VBA Identifiers
2022-07-21	Didier Stevens	Maldoc: non-ASCII VBA Identifiers
2022-03-05	Didier Stevens	oledump's Extra Option
2022-01-22	Xavier Mertens	Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-19	Didier Stevens	Office 2021: VBA Project Version
2021-09-25	Didier Stevens	Strings Analysis: VBA & Excel4 Maldoc
2021-09-25	Didier Stevens	Video: Strings Analysis: VBA & Excel4 Maldoc
2021-09-23	Xavier Mertens	Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-04-26	Didier Stevens	CAD: .DGN and .MVBA Files
2021-04-23	Xavier Mertens	Malicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-06	Xavier Mertens	Spotting the Red Team on VirusTotal!
2021-02-05	Xavier Mertens	VBA Macro Trying to Alter the Application Menus
2021-02-02	Xavier Mertens	New Example of XSL Script Processing aka "Mitre T1220"
2020-11-22	Didier Stevens	Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format
2020-11-15	Didier Stevens	oledump's ! Indicator
2020-11-08	Didier Stevens	Quick Tip: Extracting all VBA Code from a Maldoc
2020-09-23	Xavier Mertens	Malicious Word Document with Dynamic Content
2020-09-18	Xavier Mertens	A Mix of Python & VBA in a Malicious Word Document
2020-08-31	Didier Stevens	Finding The Original Maldoc
2020-08-29	Didier Stevens	Malicious Excel Sheet with a NULL VT Score: More Info
2020-08-26	Xavier Mertens	Malicious Excel Sheet with a NULL VT Score
2020-08-03	Xavier Mertens	Powershell Bot with Multiple C2 Protocols
2020-07-26	Didier Stevens	Cracking Maldoc VBA Project Passwords
2020-07-13	Didier Stevens	VBA Project Passwords
2020-07-12	Didier Stevens	Maldoc: VBA Purging Example
2020-02-24	Didier Stevens	Maldoc: Excel 4 Macros and VBA, Devil and Angel?
2019-12-28	Didier Stevens	Corrupt Office Documents
2019-12-23	Didier Stevens	New oledump.py plugin: plugin_version_vba
2019-12-22	Didier Stevens	Extracting VBA Macros From .DWG Files
2019-12-16	Didier Stevens	Malicious .DWG Files?
2019-12-09	Didier Stevens	(Lazy) Sunday Maldoc Analysis
2019-05-01	Didier Stevens	VBA Office Document: Which Version?
2019-02-10	Didier Stevens	Video: Maldoc Analysis of the Weekend
2019-02-09	Didier Stevens	Maldoc Analysis of the Weekend
2018-11-26	Russ McRee	ViperMonkey: VBA maldoc deobfuscation
2018-08-24	Xavier Mertens	Microsoft Publisher Files Delivering Malware
2017-12-16	Xavier Mertens	Microsoft Office VBA Macro Obfuscation via Metadata
2017-11-15	Xavier Mertens	If you want something done right, do it yourself!
2017-11-07	Xavier Mertens	Interesting VBA Dropper
2017-02-26	Guy Bruneau	It is Tax Season - Watch out for Suspicious Attachment
2016-12-24	Didier Stevens	Pinging All The Way
2016-11-18	Didier Stevens	VBA Shellcode and Windows 10
2016-10-17	Didier Stevens	Maldoc VBA Anti-Analysis: Video
2016-10-16	Didier Stevens	Analyzing Office Maldocs With Decoder.xls
2016-10-15	Didier Stevens	Maldoc VBA Anti-Analysis
2016-09-26	Didier Stevens	VBA and P-code
2016-03-07	Xavier Mertens	Another Malicious Document, Another Way to Deliver Malicious Code
2015-03-14	Didier Stevens	Maldoc VBA Sandbox/Virtualization Detection