Today I’m releasing my rtfdump.py tool to analyze RTF documents. I started working on it about a year ago, but I didn’t like the direction it took me in, and stopped working on it. About a week ago I started again with new samples, and I’m more satisfied now with the result.
I will post more information later. But if you want to get an idea of how to use my tool, take a look at this analysis in the SANS ISC Diary.
rtfdump_V0_0_2.zip (https)
MD5: 368CCACC556E283D5E1759ED5E164BFF
SHA256: DA9B0AB231B1ADBC1083FC0F915A789EF19A5F7540C317CFA80BF3DE038C7952
Wouldn’t it be a good idea to throw this up on Github as well for easier source code management and visibility?
Comment by Chris Higgins — Tuesday 2 August 2016 @ 19:12
Well yes it would be a good idea. More than a year old: https://blog.didierstevens.com/didier-stevens-suite/
Comment by Didier Stevens — Tuesday 2 August 2016 @ 21:18