Internet Storm Center
Handler on Duty: Didier Stevens
Threat Level: green
| Date | Author | Title |
|---|---|---|
| 2024-01-12 | Xavier Mertens | One File, Two Payloads |
| 2023-08-23 | Xavier Mertens | More Exotic Excel Files Dropping AgentTesla |
| 2023-06-16 | Xavier Mertens | Another RAT Delivered Through VBS |
| 2023-01-25 | Xavier Mertens | A First Malicious OneNote Document |
| 2022-11-09 | Xavier Mertens | Another Script-Based Ransomware |
| 2022-11-04 | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-09-17 | Didier Stevens | Video: Analyzing Obfuscated VBS with CyberChef |
| 2022-09-16 | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
| 2022-09-04 | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-29 | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-16 | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35) |
| 2022-07-24 | Didier Stevens | Video: Maldoc: non-ASCII VBA Identifiers |
| 2022-07-21 | Didier Stevens | Maldoc: non-ASCII VBA Identifiers |
| 2022-05-05 | Brad Duncan | Password-protected Excel spreadsheet pushes Remcos RAT |
| 2022-03-05 | Didier Stevens | oledump's Extra Option |
| 2022-02-18 | Xavier Mertens | Remcos RAT Delivered Through Double Compressed Archive |
| 2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet |
| 2021-12-19 | Didier Stevens | Office 2021: VBA Project Version |
| 2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-06-04 | Xavier Mertens | Russian Dolls VBS Obfuscation |
| 2021-04-28 | Xavier Mertens | Deeper Analyzis of my Last Malicious PowerPoint Add-On |
| 2021-04-26 | Didier Stevens | CAD: .DGN and .MVBA Files |
| 2021-04-23 | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful" |
| 2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal! |
| 2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus |
| 2021-02-02 | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220" |
| 2020-11-22 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format |
| 2020-11-15 | Didier Stevens | oledump's ! Indicator |
| 2020-11-08 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc |
| 2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content |
| 2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document |
| 2020-08-31 | Didier Stevens | Finding The Original Maldoc |
| 2020-08-29 | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info |
| 2020-08-26 | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score |
| 2020-08-06 | Xavier Mertens | A Fork of the FTCode Powershell Ransomware |
| 2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
| 2020-07-26 | Didier Stevens | Cracking Maldoc VBA Project Passwords |
| 2020-07-13 | Didier Stevens | VBA Project Passwords |
| 2020-07-12 | Didier Stevens | Maldoc: VBA Purging Example |
| 2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-03-25 | Brad Duncan | Recent Dridex activity |
| 2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
| 2020-02-22 | Xavier Mertens | Simple but Efficient VBScript Obfuscation |
| 2020-02-07 | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript |
| 2019-12-28 | Didier Stevens | Corrupt Office Documents |
| 2019-12-23 | Didier Stevens | New oledump.py plugin: plugin_version_vba |
| 2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-16 | Didier Stevens | Malicious .DWG Files? |
| 2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-11-20 | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
| 2019-10-18 | Xavier Mertens | Quick Malicious VBS Analysis |
| 2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-05-01 | Didier Stevens | VBA Office Document: Which Version? |
| 2019-02-14 | Xavier Mertens | Old H-Worm Delivered Through GitHub |
| 2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend |
| 2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend |
| 2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-09-13 | Xavier Mertens | Malware Delivered Through MHT Files |
| 2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
| 2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3 |
| 2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata |
| 2017-11-15 | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-11-07 | Xavier Mertens | Interesting VBA Dropper |
| 2017-08-26 | Didier Stevens | Malware analysis: searching for dots |
| 2017-07-08 | Xavier Mertens | A VBScript with Obfuscated Base64 Data |
| 2017-03-12 | Guy Bruneau | Honeypot Logs and Tracking a VBE Script |
| 2017-02-26 | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment |
| 2016-12-24 | Didier Stevens | Pinging All The Way |
| 2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls |
| 2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-09-26 | Didier Stevens | VBA and P-code |
| 2016-03-29 | Didier Stevens | VBE: Encoded VBS Script |
| 2016-03-07 | Xavier Mertens | Another Malicious Document, Another Way to Deliver Malicious Code |
| 2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection |
| 2015-02-20 | Tom Webb | Fast analysis of a Tax Scam |
| 2013-11-19 | Johannes Ullrich | vBulletin.com Compromise - Possible 0-day |
| 2010-07-23 | Mark Hofman | vBulletin vB 3.8.6 vulnerability |
| 2010-03-01 | Mark Hofman | IE 0-day using .hlp files |
| 2008-04-03 | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation |