Tool: zoneidentifier.exe
ISC Diary Entry: Office Protects You From Malicious ISO Files
Tools: zipdump.py, strings.py and myjson-filter.py
ISC Diary Entry: Method For String Extraction Filtering
Tools: oledump.py, OLETemplate.bt, 010 Editor
ISC Diary Entry: Maldoc Cleaned by Anti-Virus
Sample: 0f609e43fa76afd4e2e916acb2ab54cc8fce64750ec372f716b42f34db3da0ce
Tools: oledump.py, xorsearch, scdbg
ISC Diary Entry: A Good Old Equation Editor Vulnerability Delivering Malware
Sample: c82724520ee5ffbcc6ee13c76d004aa903c2f70c93c505df87fe46e5e8cc53a9
Tools: base64dump.py, translate.py, 1768.py, pecheck.py
ISC Diary Entry: Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons
Tools: oledump.py, zipdump.py
ISC Diary Entries: Simple YARA Rules for Office Maldocs, YARA Rule for OOXML Maldocs: Less False Positives
Sample: a9490d94cf547e27dcc0d52dc72e74e7
Tools: oledump.py, zipdump.py, xmldump.py, translate.py, base64dump.py
ISC Diary Entry: Obfuscated Maldoc: Reversed BASE64
Tool: zipdump.py
ISC Diary Entries: Reader Malware: ZIP/HTML Phish, Phishing ZIP With Malformed Filename, Video: Phishing ZIP With Malformed Filename