I wrote a small Python library to extract metadata and embedded files from #OneNote documents (.one). The OneNote file format is not really documented, but it seems to work on the files I tested.
It is published on the @volexity GitHub repository: https://github.com/volexity/threat-intel/tree/main/tools/one-extract
It can be used #standalone or included easily in any #pipeline.
#CTI #threathunting #maldoc #maliciousdocuments
PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict - Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to... https://threatpost.com/poetrat-resurfaces-azerbaijan-conflict/159917/ #thebrotherskaramazov #maliciousdocuments #malwareanalysis #microsoftword #spearphishing #publicsector #threatactors #websecurity #nationstate #government #azerbaijan #ciscotalos #dostoevsky #espionage #conflict #malware #armenia #poetrat #spyware
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves - By Warren Mercer, Paul Rascagneres and Vitor Ventura.
The Azerbaijan public sector and other import... http://feedproxy.google.com/~r/feedburner/Talos/~3/HJ1mqTAdQDQ/poetrat-update.html #maliciousdocuments #azerbajian #poetrat #python #lua