Tools: pngdump.py, byte-stats.py, translate.py, decrypt-icedid.py, strings.py
Sample: 8fca57502cbd74502560bf963f3fd78acfc922b43d5973a0cd8f28426214abca
SANS ISC Diary entry: PNG Analysis
Tools: base64dump.py, zipdump.py, isodump.py, pecheck.py
Sample: 79cd49dc922c41b2845787c7835063e6ed77507001df133e7d7aafa3d13b6e20
SANS ISC Diary entry: Analysis of a Malicious HTML File (QBot)
Tools: zipdump.py, CyberChef
ISC diary entry: “Analyzing Obfuscated VBS with CyberChef”
Sample: MalwareBazaar
Tools: jpegdump.py, base64dump.py, pecheck.py, headtail.py
ISC diary entry: James Webb JPEG With Malware
Sample: 3bdf6d9f0f35be75d8345d897ec838ae231ba01ae898f6d0c8f920ff4061fc22, MalwareBazaar
Tools: 1768.py
Tools: oledump.py
Sample: f0deca3a062a057b45bd075aef290b9bd88180c4f72743c29907dc3b934121d8
ISC diary entry: Maldoc: non-ASCII VBA Identifiers
Sample: 402a722d58368018ffb78eda78280a3f1e6346dd8996b4e4cd442f30e429a5cf
Tools: strings.py, base64dump.py, re-search.py, byte-stats.py
ISC Diary Entry: Decoding Obfuscated BASE64 Statistically
Tools: rtfdump.py, oledump.py, olemake.py (private tool, not available for download)