I made a video for yesterday’s diary entry “Maldoc Analysis of the Weekend” (the analysis of a Word document with VBA launching a PowerShell command).
The sample I use in this video is different from yesterday’s sample: I start with an email (.msg file) containing the maldoc in a password protected ZIP attachment. Unfortunately, I can’t share the content of this email. But I’m looking for similar samples that I can share.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.