Cyberveille curated by Decio
5 results tagged Excel
Excel(ent) Obfuscation: Regex Gone Rogue https://www.deepinstinct.com/blog/excellent-obfuscation-regex-gone-rogue
14/05/2025 19:42:34

Join Ido Kringel and the Deep Instinct Threat Research Team in this deep dive into a recently discovered, Office-based regex evasion technique

Microsoft Office-based attacks have long been a favored tactic amongst cybercriminals, and for good reason. Attackers frequently use Office documents in cyberattacks because they are widely trusted. These files, such as Word or Excel docs, are commonly exchanged in business and personal settings. They are also capable of carrying hidden malicious code, embedded macros, and external links that execute code when opened, especially if users are tricked into enabling features like macros.

Moreover, Office documents support advanced techniques like remote template injection, obfuscated macros, and legacy features like Excel 4.0 macros. These allow attackers to bypass antivirus detection and trigger multi-stage payloads such as ransomware or information-stealing malware.

Since Office files are familiar to users and often appear legitimate (e.g., invoices, resumes, or reports), they’re also highly effective tools in phishing and social engineering attacks.

This mixture of social credit and advanced attack characteristics unique to Office files, as well as compatibility across platforms and integration with scripting languages, makes them ideal for initiating sophisticated attacks with minimal user suspicion.

Last year, Microsoft announced the availability of three new functions that use Regular Expressions (regex) to help parse text more easily:

Regex are sequences of characters that define search patterns, primarily used for string matching and manipulation. They enable efficient text processing by allowing complex searches, replacements, and validations based on specific criteria.

deepinstinct.com EN 2025 Research PoC regex Excel Threat preemptive Office
Menace Unleashed: Excel File Deploys Cobalt Strike at Ukraine | Fortinet Blog https://www.fortinet.com/blog/threat-research/menace-unleashed-excel-file-deploys-cobalt-strike-at-ukraine
09/06/2024 16:31:33

FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. Learn more.

fortinet EN 2024 excel FortiGuard-Labs-Threat-Research ukraine Cobalt-Strike
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware https://thehackernews.com/2023/12/hackers-exploiting-old-ms-excel.html?m=1
21/12/2023 19:57:57

Beware of phishing emails with invoice-themed attachments! Attackers are using an old Office vulnerability (CVE-2017-11882) to spread the Agent Tesla

thehackernews EN 2023 malware Agent-Tesla CVE-2017-11882 phishing email MSExcel Excel vulnerability
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins/
26/12/2022 23:07:12

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

talosintelligence EN 2022 Excel XLLing malicious add-ins XLL malicious analysis
Dead or Alive? An Emotet Story https://thedfirreport.com/2022/09/12/dead-or-alive-an-emotet-story/
12/09/2022 14:03:00

In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware-ridden Excel document containing the never-dying malware, Emotet. The post-exploitation started ver…

thedfirreport EN 2022 Emotet Excel Analysis IOCs