oleid: improvements for oletools 0.60 #679

Open
8 of 15 tasks
decalage2 opened this issue May 18, 2021 · 0 comments
@decalage2 (Owner) commented May 18, 2021

  • for each check/indicator, report risk level = info/none/low/medium/high
  • identify file type and container with ftguess
  • report most useful properties
  • detect VBA macros with olevba => medium
  • detect suspicious VBA macros with mraptor => high
  • detect XLM macros with olevba => medium
  • detect VBA stomping with olevba => high
  • detect encryption => info
  • detect OLE objects with rtfobj/oleobj => low
  • OLE objects related to CVE => high risk
  • OLE package => medium
  • OLE package with executable extension => high
  • remote template, OLE object, frame, etc. with oleobj => medium/high
  • overlay data with olemap => medium
  • report extracted IOCs?
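The per-indicator risk scheme sketched in the task list, as an added example in Python that is not oletools' own code: an ordered risk enum (none/info/low/medium/high), one record per check, the "OLE package => medium, executable extension => high" rule, the "CVE-related object => high" rule, and an overall verdict taken as the worst indicator. Every name here (Risk, Indicator, ole_package_risk, macro_indicators, ole_object_indicators, encryption_indicator, overall_risk, format_report), the input dict layout and the sample inputs are assumptions constructed for this example; the extension set is a constructed list of common Windows executable types, not a list taken from oletools.

```python
# Added example (not oletools code): a minimal per-indicator risk model
# using the levels named in the task list: none/info/low/medium/high.
import os
from dataclasses import dataclass
from enum import IntEnum
from typing import Iterable, List


class Risk(IntEnum):
    """Ordered so that max() over indicators yields the most severe level."""
    NONE = 0
    INFO = 1
    LOW = 2
    MEDIUM = 3
    HIGH = 4


@dataclass(frozen=True)
class Indicator:
    """One check result; 'value' is whatever the check observed."""
    name: str
    value: object
    risk: Risk


# Constructed set of extensions Windows runs directly (assumption, not from oletools).
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                         ".vbs", ".js", ".ps1", ".hta", ".msi", ".jar"}


def ole_package_risk(filename: str) -> Risk:
    """OLE Package => medium; with an executable extension => high."""
    ext = os.path.splitext(filename.lower().strip())[1]
    return Risk.HIGH if ext in EXECUTABLE_EXTENSIONS else Risk.MEDIUM


def macro_indicators(has_vba: bool, mraptor_suspicious: bool,
                     has_xlm: bool, vba_stomping: bool) -> List[Indicator]:
    """VBA => medium, raised to high when mraptor flags it; XLM => medium; stomping => high."""
    out = []
    if has_vba:
        out.append(Indicator("vba_macros", True,
                             Risk.HIGH if mraptor_suspicious else Risk.MEDIUM))
    if has_xlm:
        out.append(Indicator("xlm_macros", True, Risk.MEDIUM))
    if vba_stomping:
        out.append(Indicator("vba_stomping", True, Risk.HIGH))
    return out


def ole_object_indicators(objects: Iterable[dict]) -> List[Indicator]:
    """Each object is a constructed dict: {'class': str, 'filename': str|None, 'cve_related': bool}."""
    out = []
    for obj in objects:
        if obj.get("cve_related"):
            risk = Risk.HIGH            # object matching a known CVE pattern
        elif obj.get("class") == "Package":
            risk = ole_package_risk(obj.get("filename") or "")
        else:
            risk = Risk.LOW             # plain embedded OLE object
        out.append(Indicator("ole_object", obj.get("class"), risk))
    return out


def encryption_indicator(encrypted: bool) -> Indicator:
    """Encryption alone is informational, not a verdict."""
    return Indicator("encrypted", encrypted, Risk.INFO if encrypted else Risk.NONE)


def overall_risk(indicators: Iterable[Indicator]) -> Risk:
    """The document is as risky as its worst indicator."""
    return max((i.risk for i in indicators), default=Risk.NONE)


def format_report(indicators: List[Indicator]) -> str:
    """Text report, most severe first, ending with the overall verdict."""
    ordered = sorted(indicators, key=lambda i: i.risk, reverse=True)
    lines = [f"{i.risk.name:<6} {i.name}: {i.value}" for i in ordered]
    lines.append(f"Overall risk: {overall_risk(indicators).name}")
    return "\n".join(lines)


# Constructed sample: a document with mraptor-flagged VBA, a Package carrying
# an .exe, and one ordinary embedded object, not encrypted.
SAMPLE = (macro_indicators(has_vba=True, mraptor_suspicious=True,
                           has_xlm=False, vba_stomping=False)
          + ole_object_indicators([
              {"class": "Package", "filename": "invoice.exe", "cve_related": False},
              {"class": "Word.Document.8", "filename": None, "cve_related": False}])
          + [encryption_indicator(False)])

if __name__ == "__main__":
    print(format_report(SAMPLE))
```

Using an IntEnum keeps the levels comparable, so the overall verdict is a plain max() and new checks only need to return a level; a detector that cannot decide (for example a Package with no recoverable filename) falls back to the lower of its two possible levels rather than inventing a verdict.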
@decalage2 decalage2 self-assigned this May 18, 2021
@decalage2 decalage2 added this to the oletools 0.60 milestone May 18, 2021
decalage2 added a commit that referenced this issue May 18, 2021
c-rosenberg pushed a commit to HeinleinSupport/oletools that referenced this issue Dec 2, 2021
ljuturu pushed a commit to ljuturu/oletools that referenced this issue Apr 21, 2022