| Date | Author | Title |
|---|---|---|
| 2024-01-12 | Xavier Mertens | One File, Two Payloads |
| 2023-08-23 | Xavier Mertens | More Exotic Excel Files Dropping AgentTesla |
| 2023-06-16 | Xavier Mertens | Another RAT Delivered Through VBS |
| 2023-01-25 | Xavier Mertens | A First Malicious OneNote Document |
| 2022-11-09 | Xavier Mertens | Another Script-Based Ransomware |
| 2022-11-04 | Xavier Mertens | Remcos Downloader with Unicode Obfuscation |
| 2022-09-17 | Didier Stevens | Video: Analyzing Obfuscated VBS with CyberChef |
| 2022-09-16 | Didier Stevens | Word Maldoc With CustomXML and Renamed VBAProject.bin |
| 2022-09-04 | Didier Stevens | Video: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-29 | Didier Stevens | Update: VBA Maldoc & UTF7 (APT-C-35) |
| 2022-08-16 | Didier Stevens | VBA Maldoc & UTF7 (APT-C-35) |
| 2022-07-24 | Didier Stevens | Video: Maldoc: non-ASCII VBA Identifiers |
| 2022-07-21 | Didier Stevens | Maldoc: non-ASCII VBA Identifiers |
| 2022-05-05 | Brad Duncan | Password-protected Excel spreadsheet pushes Remcos RAT |
| 2022-03-05 | Didier Stevens | oledump's Extra Option |
| 2022-02-18 | Xavier Mertens | Remcos RAT Delivered Through Double Compressed Archive |
| 2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet |
| 2021-12-19 | Didier Stevens | Office 2021: VBA Project Version |
| 2021-09-25 | Didier Stevens | Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-25 | Didier Stevens | Video: Strings Analysis: VBA & Excel4 Maldoc |
| 2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-06-04 | Xavier Mertens | Russian Dolls VBS Obfuscation |
| 2021-04-28 | Xavier Mertens | Deeper Analyzis of my Last Malicious PowerPoint Add-On |
| 2021-04-26 | Didier Stevens | CAD: .DGN and .MVBA Files |
| 2021-04-23 | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful" |
| 2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal! |
| 2021-03-04 | Xavier Mertens | From VBS, PowerShell, C Sharp, Process Hollowing to RAT |
| 2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus |
| 2021-02-02 | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220" |
| 2020-11-22 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format |
| 2020-11-15 | Didier Stevens | oledump's ! Indicator |
| 2020-11-08 | Didier Stevens | Quick Tip: Extracting all VBA Code from a Maldoc |
| 2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content |
| 2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document |
| 2020-08-31 | Didier Stevens | Finding The Original Maldoc |
| 2020-08-29 | Didier Stevens | Malicious Excel Sheet with a NULL VT Score: More Info |
| 2020-08-26 | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score |
| 2020-08-06 | Xavier Mertens | A Fork of the FTCode Powershell Ransomware |
| 2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
| 2020-07-26 | Didier Stevens | Cracking Maldoc VBA Project Passwords |
| 2020-07-13 | Didier Stevens | VBA Project Passwords |
| 2020-07-12 | Didier Stevens | Maldoc: VBA Purging Example |
| 2020-05-13 | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-04-08 | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-03-25 | Brad Duncan | Recent Dridex activity |
| 2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
| 2020-02-22 | Xavier Mertens | Simple but Efficient VBScript Obfuscation |
| 2020-02-07 | Xavier Mertens | Sandbox Detection Tricks & Nice Obfuscation in a Single VBScript |
| 2019-12-28 | Didier Stevens | Corrupt Office Documents |
| 2019-12-23 | Didier Stevens | New oledump.py plugin: plugin_version_vba |
| 2019-12-22 | Didier Stevens | Extracting VBA Macros From .DWG Files |
| 2019-12-16 | Didier Stevens | Malicious .DWG Files? |
| 2019-12-09 | Didier Stevens | (Lazy) Sunday Maldoc Analysis |
| 2019-11-20 | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
| 2019-10-18 | Xavier Mertens | Quick Malicious VBS Analysis |
| 2019-08-22 | Xavier Mertens | Simple Mimikatz & RDPWrapper Dropper |
| 2019-05-01 | Didier Stevens | VBA Office Document: Which Version? |
| 2019-02-14 | Xavier Mertens | Old H-Worm Delivered Through GitHub |
| 2019-02-10 | Didier Stevens | Video: Maldoc Analysis of the Weekend |
| 2019-02-09 | Didier Stevens | Maldoc Analysis of the Weekend |
| 2018-11-26 | Russ McRee | ViperMonkey: VBA maldoc deobfuscation |
| 2018-09-13 | Xavier Mertens | Malware Delivered Through MHT Files |
| 2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
| 2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3 |
| 2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata |
| 2017-11-15 | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-11-07 | Xavier Mertens | Interesting VBA Dropper |
| 2017-08-26 | Didier Stevens | Malware analysis: searching for dots |
| 2017-07-08 | Xavier Mertens | A VBScript with Obfuscated Base64 Data |
| 2017-03-12 | Guy Bruneau | Honeypot Logs and Tracking a VBE Script |
| 2017-02-26 | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment |
| 2016-12-24 | Didier Stevens | Pinging All The Way |
| 2016-11-18 | Didier Stevens | VBA Shellcode and Windows 10 |
| 2016-10-17 | Didier Stevens | Maldoc VBA Anti-Analysis: Video |
| 2016-10-16 | Didier Stevens | Analyzing Office Maldocs With Decoder.xls |
| 2016-10-15 | Didier Stevens | Maldoc VBA Anti-Analysis |
| 2016-09-26 | Didier Stevens | VBA and P-code |
| 2016-03-29 | Didier Stevens | VBE: Encoded VBS Script |
| 2016-03-07 | Xavier Mertens | Another Malicious Document, Another Way to Deliver Malicious Code |
| 2015-03-14 | Didier Stevens | Maldoc VBA Sandbox/Virtualization Detection |
| 2015-02-20 | Tom Webb | Fast analysis of a Tax Scam |
| 2013-11-19 | Johannes Ullrich | vBulletin.com Compromise - Possible 0-day |
| 2010-07-23 | Mark Hofman | vBulletin vB 3.8.6 vulnerability |
| 2010-03-01 | Mark Hofman | IE 0-day using .hlp files |
| 2008-04-03 | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation |