[SANS ISC] VBA Macro Trying to Alter the Application Menus

I published the following diary on isc.sans.edu: “VBA Macro Trying to Alter the Application Menus”: Who remembers the worm Melissa? It started to spread in March 1999! In information security, it looks like speaking about prehistory, but I spotted a VBA macro that tried to use the same defensive technique

The post [SANS ISC] VBA Macro Trying to Alter the Application Menus appeared first on /dev/random.


[SANS ISC] New Example of XSL Script Processing aka “Mitre T1220”

I published the following diary on isc.sans.edu: “New Example of XSL Script Processing aka ‘Mitre T1220’”: Last week, Brad posted a diary about TA551. A few days later, one of our readers submitted another sample belonging to the same campaign. Brad had a look at the traffic so I decided

The post [SANS ISC] New Example of XSL Script Processing aka “Mitre T1220” appeared first on /dev/random.


[SANS ISC] A Mix of Python & VBA in a Malicious Word Document

I published the following diary on isc.sans.edu: “A Mix of Python & VBA in a Malicious Word Document”: A few days ago, Didier wrote an interesting diary about objects embedded in an Office document. I had a discussion about an interesting OLE file that I found. Because it used the same

The post [SANS ISC] A Mix of Python & VBA in a Malicious Word Document appeared first on /dev/random.


[SANS ISC] Malicious Excel Sheet with a NULL VT Score

I published the following diary on isc.sans.edu: “Malicious Excel Sheet with a NULL VT Score”: Just a quick diary today to demonstrate, once again, that relying only on a classic antivirus solution is not sufficient in 2020. I found a sample that just has a very nice score of 0/57 on VT. Yes, according to

The post [SANS ISC] Malicious Excel Sheet with a NULL VT Score appeared first on /dev/random.


CISA Warns of Phishing Campaign Used to Deploy KONNI Malware

The Cybersecurity and Infrastructure Security Agency (CISA) advised users to be wary of an email attachment containing a malicious Microsoft Word document that’s used to deploy KONNI malware. Phishing is one of the main methods hackers use to spread ma…

[SANS ISC] Antivirus Evasion? Easy as 1,2,3

I published the following diary on isc.sans.org: “Antivirus Evasion? Easy as 1,2,3”: For a while, ISC handlers have demonstrated several obfuscation techniques via our diaries. We always told you that attackers are trying to find new techniques to hide their content so that it is not flagged as malicious by antivirus products.

[The post [SANS ISC] Antivirus Evasion? Easy as 1,2,3 was first published on /dev/random]


[SANS ISC] Microsoft Office VBA Macro Obfuscation via Metadata

I published the following diary on isc.sans.org: “Microsoft Office VBA Macro Obfuscation via Metadata”: Often, malicious macros make use of the same functions to infect the victim’s computer. If a macro contains these strings, it can be flagged as malicious or, at least, considered as suspicious. Some examples of suspicious functions

[The post [SANS ISC] Microsoft Office VBA Macro Obfuscation via Metadata was first published on /dev/random]

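A worked illustration of the tension this teaser describes, added here as an example (it is not code from the diary, from SANS ISC or from /dev/random): a keyword scan over VBA source of the kind the teaser mentions, beside the metadata trick named in the title. The keyword list, both macros and the property values are constructed for the example; the only real-world assumptions are the VBA syntax matched by the two regular expressions (`ActiveDocument.BuiltInDocumentProperties(...)` and its `CustomDocumentProperties` counterpart).

```python
import re

# Constructed, non-exhaustive list of strings that commonly appear in
# malicious VBA macros (auto-run entry points, process launch, COM objects,
# downloaders). Real scanners such as olevba carry much larger sets.
SUSPICIOUS_KEYWORDS = (
    "AutoOpen", "Document_Open", "Workbook_Open",
    "Shell", "WScript.Shell", "CreateObject", "URLDownloadToFile",
    "cmd.exe", "powershell",
)

# Reading document properties from VBA is how the "obfuscation via metadata"
# trick moves tell-tale strings out of the macro body and into the file's
# Title/Subject/Comments/custom fields, where a macro-only keyword scan
# never looks. A property read from inside a macro is therefore its own rule.
METADATA_ACCESS = re.compile(
    r"\b(BuiltInDocumentProperties|CustomDocumentProperties)\b", re.IGNORECASE
)

# Matches ActiveDocument.BuiltInDocumentProperties("Name").Value and the
# CustomDocumentProperties variant, so the stored value can be inlined.
PROPERTY_CALL = re.compile(
    r'ActiveDocument\.(?:BuiltIn|Custom)DocumentProperties\("([^"]+)"\)(?:\.Value)?',
    re.IGNORECASE,
)


def scan_vba(source: str) -> dict:
    """Flag suspicious keywords and any read of document properties."""
    lowered = source.lower()
    keywords = sorted(k for k in SUSPICIOUS_KEYWORDS if k.lower() in lowered)
    metadata = sorted({m.group(1) for m in METADATA_ACCESS.finditer(source)})
    return {
        "keywords": keywords,
        "metadata_access": metadata,
        "suspicious": bool(keywords or metadata),
    }


def inline_properties(source: str, properties: dict) -> str:
    """Replace property reads with the values extracted from the document.

    `properties` is what a metadata tool (olemeta, exiftool) reports for the
    file; here the caller supplies it. Unknown property names are left as-is.
    """
    def substitute(match: re.Match) -> str:
        name = match.group(1)
        if name not in properties:
            return match.group(0)
        # VBA escapes a double quote inside a string literal by doubling it.
        return '"' + properties[name].replace('"', '""') + '"'
    return PROPERTY_CALL.sub(substitute, source)


# Constructed sample 1: everything needed to flag it sits in the macro body.
PLAIN_MACRO = '''
Sub AutoOpen()
    Dim o As Object
    Set o = CreateObject("WScript.Shell")
    o.Run "cmd.exe /c powershell -w hidden -c dir"
End Sub
'''

# Constructed sample 2: same behaviour, but the COM ProgID and the command
# line are fetched from the document's Subject and Comments properties.
METADATA_MACRO = '''
Sub AutoOpen()
    Dim o As Object
    Set o = CreateObject(ActiveDocument.BuiltInDocumentProperties("Subject").Value)
    o.Run ActiveDocument.BuiltInDocumentProperties("Comments").Value
End Sub
'''

# Constructed metadata for sample 2, as an analyst would recover it from the
# file's property streams.
DOCUMENT_PROPERTIES = {
    "Subject": "WScript.Shell",
    "Comments": "cmd.exe /c powershell -w hidden -c dir",
}


if __name__ == "__main__":
    print("plain:   ", scan_vba(PLAIN_MACRO))
    print("metadata:", scan_vba(METADATA_MACRO))
    print("inlined: ", scan_vba(inline_properties(METADATA_MACRO, DOCUMENT_PROPERTIES)))
```

Scanning `METADATA_MACRO` on its own yields only the auto-run and `CreateObject` hits; the shell ProgID and the command line surface only after the document's properties are extracted and inlined, which is why the property read itself deserves a detection rule rather than relying on keyword matches alone.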

[SANS ISC] Interesting VBA Dropper

I published the following diary on isc.sans.org: “Interesting VBA Dropper”. Here is another sample that I found in my spam trap. The technique to infect the victim’s computer is interesting. I captured a mail with a malicious RTF document (SHA256: c247929d3f5c82247db9102d2dec28c27f73dc0824f8b386f92aad1a22fd8edd) that exploits the OLE2Link vulnerability (CVE-2017-0199). Once opened, the

[The post [SANS ISC] Interesting VBA Dropper was first published on /dev/random]


[SANS ISC] Base64 All The Things!

I published the following diary on isc.sans.org: “Base64 All The Things!”. Here is an interesting maldoc sample captured with my spam trap. The attached file is “PO# 36-14673.DOC” and has a score of 6 on VT. The file contains Open XML data that refers to an invoice…

[The post [SANS ISC] Base64 All The Things! was first published on /dev/random]


Wolf in sheep’s clothing: a SophosLabs investigation into delivering malware via VBA

SophosLabs gets under the skin of the bad guys’ latest attempt to drop ransomware onto your PCs.