The plugin_dridex plugin was updated.
oledump.py also has a new option, --quiet: it prints only the output from the plugins.
Several Dridex .doc examples that do not seem to decode under oledump v0.0.9, via HTTP or the dridex plugin.
Comment by Anonymous — Friday 20 February 2015 @ 1:42
Got another .doc sample which was detected by 1/57 in VirusTotal, see: 1cf2218f95300c6a963976d154af0700113fd8e7e120654af70d4b976ec5c163
The filename changes at the end with numbers, so it seems like some campaign.
Maybe worth a look.
Comment by stefan — Wednesday 25 February 2015 @ 16:43