Excel Archives - /dev/random

[SANS ISC] XLSB Files: Because Binary is Stealthier Than XML

March 25, 2022 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “XLSB Files: Because Binary is Stealthier Than XML“: In one of his last diaries, Brad mentioned an Excel sheet named with a .xlsb extension. Now, it was my turn to find one… What’s the magic behind this file extension? “XLS” means that we

[SANS ISC] Malicious Excel Sheet with a NULL VT Score

August 26, 2020 Malware, SANS Internet Storm Center, Security One comment

I published the following diary on isc.sans.edu: “Malicious Excel Sheet with a NULL VT Score“: Just a quick diary today to demonstrate, once again, that relying only on a classic antivirus solution is not sufficient in 2020. I found a sample that just has a very nice score of 0/57 on VT. Yes, according to

[SANS ISC] A Safe Excel Sheet Not So Safe

March 6, 2020 Malware, SANS Internet Storm Center, Security 2 comments

I published the following diary on isc.sans.edu: “A Safe Excel Sheet Not So Safe“: I discovered a nice sample yesterday. This excel sheet was found in a mail flagged as â€œsuspiciousâ€ by a security appliance. The recipient asked to release the mail from the quarantine because â€œit was sent from

[SANS ISC] New Campaign Using Old Equation Editor Vulnerability

October 11, 2018 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “New Campaign Using Old Equation Editor Vulnerability“: Yesterday, I found a phishing sample that looked interesting: From: sales@tjzxchem[.]com To: me Subject: RE: Re: Proforma Invoice INV 075 2018-19 â€™08 Reply-To: exports.sonyaceramics@gmail[.]com [Read more]

[SANS ISC] More Excel DDE Code Injection

September 28, 2018 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “More Excel DDE Code Injection“: The â€œDDE code injectionâ€ technique is not brand new. DDE stands for â€œDynamic Data Exchangeâ€. It has already been discussed by many security researchers. Just a quick reminder for those who missed it. In Excel, it is possibleÂ to

[SANS ISC] Malware Distributed via .slk Files

May 22, 2018 Malware, SANS Internet Storm Center, Security One comment

I published the following diary on isc.sans.org: “Malware Distributed via .slk Files“: Attackers are always trying to find new ways to infect computers by luring not only potential victims but also security controls like anti-virus products. Do you know what SYLK files are? SYmbolic LinK files (they use the .slk

Automatic Extraction of Data from Excel Sheet

October 24, 2017 Software, Unix 3 comments

Excel sheetsÂ are very common files in corporate environments. It’s definitively not a security tool but it’s not rare to find useful information stored in such files. When these data must be processed for threat hunting or to collect IOC’s, it is mandatory to automate, as much as possible, the processing