Tools: zipdump.py, CyberChef

ISC diary entry: “Analyzing Obfuscated VBS with CyberChef“

Sample: malwarebazaar

Tools: 1768.py, xor-kpa.py, pecheck.py, translate.py, strings.py

Diary entry: Analysis of an Encoded Cobalt Strike Beacon

Sample: e652ee076aded6b2c8b4e3e8ee83ed9423019d0a9aacbd38837d251191972bef

Tools: oledump.py, re-search.py, hex-to-bin.py, translate.py, xorsearch, strings.py

Diary entries: “VBA Maldoc & UTF7 (APT-C-35)“, “Update: VBA Maldoc & UTF7 (APT-C-35)“

Sample: 394c97cc9d567e556a357f129aea03f737cbd2a1761df32146ef69d93afc73dc, MalwareBazaar

Tools: jpegdump.py, base64dump.py, pecheck.py, headtail.py

ISC diary entry: James Webb JPEG With Malware

Sample: 3bdf6d9f0f35be75d8345d897ec838ae231ba01ae898f6d0c8f920ff4061fc22, MalwareBazaar