Finding Property Values in Office Documents, (Sat, Feb 16th)

In diary entry “Maldoc Analysis of the Weekend”, I use the strings method explained in diary entry “Quickie: String Analysis is Still Useful” to quickly locate the PowerShell command hidden in a malicious Word document.

Old H-Worm Delivered Through GitHub, (Thu, Feb 14th)

Another piece of malicious code spotted on GitHub this time. By the way, this is the perfect example to demonstrate that protecting users via a proxy with web-categorization is useless… Even sites from the Alexa Top-1M may deliver malicious content (GitHub's current position is 51[1]). The URL has been found in a classic email phishing […]

Suspicious PDF Connecting to a Remote SMB Share, (Thu, Feb 14th)

Yesterday I stumbled upon a PDF file that was flagged as suspicious by a customer’s anti-malware solution and placed in quarantine. Later, the recipient contacted the team in charge of email to get access to his document, because he knew the sender and claimed that the file was legit.

Microsoft February 2019 Patch Tuesday, (Tue, Feb 12th)

This month, we got patches for 74 vulnerabilities in total. One of them has been exploited, and two vulnerabilities were made public before today.

Have You Seen an Email Virus Recently?, (Mon, Feb 11th)

I did some research into the delivery of the malicious documents I analyzed this weekend (diary entries here and here).