@bartblaze cc @DidierStevens OleDump does not recognize this as supported filetype (same as with XML trick). https://www.virustotal.com/en/file/b7823adf544e8aa6eaaf38bf7d371a63baa8b12da5847825b2b5d5801733b6cc/analysis/ …
@bartblaze @Techhelplistcom *cough 91.227.18.]18/api/1.doc through 91.227.18.]18/api/30.doc
@mesa_matt @Techhelplistcom hXXp://91.227.18.18/stat/get.php Oops.
@Techhelplistcom @bartblaze Macros! Downloading from pastebins like: https://pastebin.com/VTd9HVkz They started doing this last week I believe.
@mesa_matt @Techhelplistcom Yep, that's the one I found as well. Malware's been known to download from Pastebin for a while - but not macros
@bartblaze @xme @DidierStevens implemented in olevba yesterday ;-) https://bitbucket.org/decalage/oletools … details here: https://bitbucket.org/decalage/oletools/issue/10 …
@bartblaze yes, a Word Document with interesting (hardcoded) hints... pic.twitter.com/7Ea0eGuwWM
@bartblaze this is actually even simpler: open a Word doc with macros, save as MHTML from Word, rename .mht to .doc
@bartblaze it looks like the file I analyzed today!
@Elkaluche Which one was that? :)