Here's an extra tip to my diary entry "Simple Tips For Triage Of MALWARE Bazaar's Daily Malware Batches". You can also use YARA rules together with my zipdump tool: I'm using two simple rules to detect Office documents with VBA macros.

Rule olevba is for binary (OLE) Office documents, and rule pkvba is for OOXML documents. Remark: these rules are designed for triage, so they might generate false positives or false negatives.

Didier Stevens
ISC Handler, Aug 16th 2021
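The diary does not reproduce its two rules, so the pair below is an added illustration written for this page, not Didier Stevens' own olevba/pkvba rules; the magics, stream and entry names it keys on (the OLE directory's UTF-16LE `_VBA_PROJECT` stream name, the `Attribut` prefix left in compressed VBA source, and the `vbaProject.bin` zip entry) are my assumptions about what a triage rule of this kind would look for.

```yara
// Constructed example rules (not the diary's own): triage-grade detection of
// VBA projects in binary (OLE) and OOXML Office documents, meant for a scanner
// that applies YARA to each file extracted from a batch archive.

rule olevba_example
{
    meta:
        description = "OLE compound document carrying a VBA project (triage: may FP/FN)"
    strings:
        // OLE directory entries store stream names as UTF-16LE, hence 'wide'
        $vba_project = "_VBA_PROJECT" wide
        // The compressed VBA source keeps the literal prefix of "Attribute VB_Name"
        $attribut    = "Attribut" ascii
    condition:
        // Compound File Binary magic starts D0 CF 11 E0
        uint32be(0) == 0xD0CF11E0 and ($vba_project or $attribut)
}

rule pkvba_example
{
    meta:
        description = "OOXML (zip) document embedding vbaProject.bin (triage: may FP/FN)"
    strings:
        // The macro container's entry name appears in the zip local and central headers
        $vbaproject = "vbaProject.bin" ascii
    condition:
        // Zip local file header magic: PK 03 04
        uint32be(0) == 0x504B0304 and $vbaproject
}
```

Both conditions anchor on the file's first bytes, so they only make sense when the scanner hands each extracted sample to YARA individually (zipdump.py does this via its -y/--yara option, assuming the batch's zip password is supplied); a file renamed or wrapped in a container will not match, which is one of the false-negative cases the remark above alludes to.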