S4E02: Weaponizing Office Documents with VBA Purging
State of the Hack
English - November 19, 2020 20:35 - 56 minutes - 42.9 MB - ★★★★★ - 28 ratings
Technology News Tech News fireeye mandiant cybersecurity malware hacker
Malicious Office documents whose module streams contain source code
but no P-code are more likely to evade YARA rules and AV detection.
This evasion technique is called VBA purging, which is different from
the observed VBA stomping technique. In this episode we will discuss
what VBA purging is, the difference between purging and stomping, the
consequences of this technique, and a new tool created by Mandiant’s
Red Team called OfficePurge.