| 2022-04-20 | Brad Duncan | "aa" distribution Qakbot (Qbot) infection with DarkVNC traffic |
| 2022-03-25 | Xavier Mertens | XLSB Files: Because Binary is Stealthier Than XML |
| 2022-01-22 | Xavier Mertens | Mixed VBA & Excel4 Macro In a Targeted Excel Sheet |
| 2021-12-20 | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware |
| 2021-12-02 | Brad Duncan | TA551 (Shathak) pushes IcedID (Bokbot) |
| 2021-09-23 | Xavier Mertens | Excel Recipe: Some VBA Code with a Touch of Excel4 Macro |
| 2021-09-01 | Brad Duncan | STRRAT: a Java-based RAT that doesn't care if you have Java |
| 2021-08-06 | Xavier Mertens | Malicious Microsoft Word Remains A Key Infection Vector |
| 2021-04-23 | Xavier Mertens | Malicious PowerPoint Add-On: "Small Is Beautiful" |
| 2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-23 | Jan Kopriva | Qakbot in a response to Full Disclosure post |
| 2021-02-05 | Xavier Mertens | VBA Macro Trying to Alter the Application Menus |
| 2021-02-03 | Brad Duncan | Excel spreadsheets push SystemBC malware |
| 2021-02-02 | Xavier Mertens | New Example of XSL Script Processing aka "Mitre T1220" |
| 2021-01-26 | Brad Duncan | TA551 (Shathak) Word docs push Qakbot (Qbot) |
| 2021-01-20 | Brad Duncan | Qakbot activity resumes after holiday break |
| 2021-01-14 | Bojan Zdrnja | Dynamically analyzing a heavily obfuscated Excel 4 macro malicious file |
| 2021-01-13 | Brad Duncan | Hancitor activity resumes after a hoilday break |
| 2020-12-09 | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-11-09 | Xavier Mertens | How Attackers Brush Up Their Malicious Scripts |
| 2020-10-26 | Didier Stevens | Excel 4 Macros: "Abnormal Sheet Visibility" |
| 2020-10-14 | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-09-23 | Xavier Mertens | Malicious Word Document with Dynamic Content |
| 2020-09-18 | Xavier Mertens | A Mix of Python & VBA in a Malicious Word Document |
| 2020-09-10 | Brad Duncan | Recent Dridex activity |
| 2020-08-26 | Xavier Mertens | Malicious Excel Sheet with a NULL VT Score |
| 2020-08-19 | Xavier Mertens | Example of Word Document Delivering Qakbot |
| 2020-08-07 | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-06 | Xavier Mertens | A Fork of the FTCode Powershell Ransomware |
| 2020-08-03 | Xavier Mertens | Powershell Bot with Multiple C2 Protocols |
| 2020-07-15 | Brad Duncan | Word docs with macros for IcedID (Bokbot) |
| 2020-07-10 | Brad Duncan | Excel spreasheet macro kicks off Formbook infection |
| 2020-06-12 | Xavier Mertens | Malicious Excel Delivering Fileless Payload |
| 2020-06-10 | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-06-01 | Didier Stevens | XLMMacroDeobfuscator: An Update |
| 2020-05-20 | Brad Duncan | Microsoft Word document with malicious macro pushes IcedID (Bokbot) |
| 2020-04-05 | Guy Bruneau | Maldoc XLS Invoice with Excel 4 Macros |
| 2020-03-29 | Didier Stevens | Obfuscated Excel 4 Macros |
| 2020-03-18 | Brad Duncan | Trickbot gtag red5 distributed as a DLL file |
| 2020-03-09 | Didier Stevens | Malicious Spreadsheet With Data Connection and Excel 4 Macros |
| 2020-03-06 | Xavier Mertens | A Safe Excel Sheet Not So Safe |
| 2020-02-24 | Didier Stevens | Maldoc: Excel 4 Macros and VBA, Devil and Angel? |
| 2020-02-23 | Didier Stevens | Maldoc: Excel 4 Macros in OOXML Format |
| 2020-02-21 | Xavier Mertens | Quick Analysis of an Encrypted Compound Document Format |
| 2020-01-22 | Brad Duncan | German language malspam pushes Ursnif |
| 2020-01-09 | Xavier Mertens | Quick Analyzis of a(nother) Maldoc |
| 2019-12-11 | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
| 2019-12-04 | Jan Kopriva | Analysis of a strangely poetic malware |
| 2019-10-02 | Brad Duncan | A recent example of Emotet malspam |
| 2019-09-18 | Brad Duncan | Emotet malspam is back |
| 2019-06-18 | Brad Duncan | Malspam with password-protected Word docs pushing Dridex |
| 2019-03-17 | Didier Stevens | Video: Maldoc Analysis: Excel 4.0 Macro |
| 2019-03-16 | Didier Stevens | Maldoc: Excel 4.0 Macros |
| 2019-03-13 | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
| 2019-01-24 | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2018-12-18 | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
| 2018-11-15 | Brad Duncan | Emotet infection with IcedID banking Trojan |
| 2018-08-24 | Xavier Mertens | Microsoft Publisher Files Delivering Malware |
| 2018-05-25 | Xavier Mertens | Antivirus Evasion? Easy as 1,2,3 |
| 2018-05-01 | Xavier Mertens | Diving into a Simple Maldoc Generator |
| 2017-12-19 | Xavier Mertens | Example of 'MouseOver' Link in a Powerpoint File |
| 2017-12-16 | Xavier Mertens | Microsoft Office VBA Macro Obfuscation via Metadata |
| 2017-11-15 | Xavier Mertens | If you want something done right, do it yourself! |
| 2017-02-26 | Guy Bruneau | It is Tax Season - Watch out for Suspicious Attachment |
| 2016-09-30 | Xavier Mertens | Another Day, Another Malicious Behaviour |
| 2015-02-19 | Daniel Wesemann | Macros? Really?! |
https://www.sans.edu
