S4E02: Weaponizing Office Documents with VBA Purging

Malicious Office documents whose VBA module streams contain source code but no compiled P-code are more likely to evade YARA rules and AV detection, since a number of signatures match on strings found in the cached P-code rather than in the compressed source. This evasion technique is called VBA purging; it is the inverse of the previously observed VBA stomping technique, which keeps the P-code and replaces or removes the source. In this episode we discuss what VBA purging is, how purging differs from stomping, the consequences of this technique for detection, and OfficePurge, a new tool created by Mandiant’s Red Team that automates purging.
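The structural tell described above (a module stream whose MODULEOFFSET is zero, so nothing precedes the compressed source) can be checked directly. The following Python script is an added example written for this page; it is not code from the episode, from FireEye/Mandiant, or from OfficePurge. It assumes the streams of vbaProject.bin have already been pulled out of the OLE container into a dict (for instance with olefile, which is not used here), implements the MS-OVBA decompression both the `dir` stream and module source use, parses the MODULE records of `dir`, and labels each module as normal, purged (source but no P-code) or stomped (P-code but no executable source). The `build_sample()` streams, the fake P-code bytes and the module names are constructed test data, and the literal-only encoder exists only to build that data.

```python
"""Classify VBA module streams as normal, purged or stomped (added example)."""
import struct


def decompress(data: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (dir stream, module source)."""
    if not data or data[0] != 0x01:
        raise ValueError("not a CompressedContainer (missing 0x01 signature)")
    out, pos = bytearray(), 1
    while pos + 2 <= len(data):
        header = struct.unpack_from("<H", data, pos)[0]
        chunk_end = pos + (header & 0x0FFF) + 3       # chunk size includes the 2-byte header
        pos += 2
        chunk_start = len(out)
        if not header & 0x8000:                       # uncompressed chunk: 4096 raw bytes
            out += data[pos:pos + 4096]
            pos = chunk_end
            continue
        while pos < chunk_end:
            flags = data[pos]
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not flags & (1 << bit):            # literal token: one byte
                    out.append(data[pos])
                    pos += 1
                else:                                 # copy token: back-reference in chunk
                    token = struct.unpack_from("<H", data, pos)[0]
                    pos += 2
                    current = len(out) - chunk_start
                    bit_count = max((current - 1).bit_length(), 4)
                    length = (token & (0xFFFF >> bit_count)) + 3
                    offset = (token >> (16 - bit_count)) + 1
                    for _ in range(length):           # byte by byte: source may overlap
                        out.append(out[len(out) - offset])
    return bytes(out)


def compress_literals(data: bytes) -> bytes:
    """Minimal encoder emitting only literal tokens; enough to build sample streams."""
    out = bytearray(b"\x01")
    for i in range(0, len(data), 4096):
        chunk, body = data[i:i + 4096], bytearray()
        for j in range(0, len(chunk), 8):
            body += b"\x00" + chunk[j:j + 8]          # flag byte 0 = eight literals follow
        if len(body) > 4096:
            raise ValueError("chunk too large for literal-only encoding")
        out += struct.pack("<H", 0xB000 | (len(body) - 1)) + body
    return bytes(out)


def parse_dir(dir_bytes: bytes) -> list:
    """Walk a decompressed dir stream; return [{name, stream, offset}] per MODULE record."""
    modules, current, pos = [], None, 0
    while pos + 6 <= len(dir_bytes):
        rec_id, size = struct.unpack_from("<HI", dir_bytes, pos)
        pos += 6
        if rec_id == 0x0009:      # PROJECTVERSION: the 'size' field is Reserved; payload is 6 bytes
            size = 6
        data = dir_bytes[pos:pos + size]
        pos += size
        if rec_id == 0x0019:                          # MODULENAME opens a MODULE record
            current = {"name": data.decode("cp1252"), "stream": None, "offset": None}
            modules.append(current)
        elif rec_id == 0x001A and current:            # MODULESTREAMNAME (MBCS form)
            current["stream"] = data.decode("cp1252")
        elif rec_id == 0x0031 and current:            # MODULEOFFSET: size of PerformanceCache
            current["offset"] = struct.unpack("<I", data)[0]
    return modules


def classify_modules(streams: dict) -> dict:
    """streams: OLE path -> bytes (assumed extracted from vbaProject.bin). Returns name -> verdict."""
    verdicts = {}
    for mod in parse_dir(decompress(streams["VBA/dir"])):
        raw, offset = streams["VBA/" + mod["stream"]], mod["offset"]
        source = decompress(raw[offset:]).decode("cp1252", "replace")
        has_code = any(ln.strip() and not ln.strip().lower().startswith("attribute ")
                       for ln in source.splitlines())
        if offset == 0:
            verdicts[mod["name"]] = "purged"      # no P-code; Office recompiles from source
        elif not has_code:
            verdicts[mod["name"]] = "stomped"     # P-code present, source carries no code
        else:
            verdicts[mod["name"]] = "normal"      # note: stomping with decoy source still reads as normal
    return verdicts


def build_sample() -> dict:
    """Constructed stand-in for a vbaProject.bin stream set (not a real document)."""
    def rec(rec_id, data=b""):
        return struct.pack("<HI", rec_id, len(data)) + data

    def module(name, offset):
        return (rec(0x0019, name.encode()) + rec(0x001A, name.encode())
                + rec(0x0032, name.encode("utf-16-le")) + rec(0x0031, struct.pack("<I", offset))
                + rec(0x0021) + rec(0x002B))

    fake_pcode = b"\xca\xfe" * 32                    # constructed stand-in for compiled P-code
    src_normal = b'Attribute VB_Name = "Module1"\r\nSub AutoOpen()\r\n    MsgBox "normal"\r\nEnd Sub\r\n'
    src_purged = b'Attribute VB_Name = "Module2"\r\nSub Document_Open()\r\n    MsgBox "purged"\r\nEnd Sub\r\n'
    src_stomped = b'Attribute VB_Name = "Module3"\r\n'
    dir_plain = (struct.pack("<HI", 0x0009, 4) + struct.pack("<IH", 2, 0)   # PROJECTVERSION quirk
                 + rec(0x000F, struct.pack("<H", 3))
                 + module("Module1", len(fake_pcode)) + module("Module2", 0)
                 + module("Module3", len(fake_pcode)) + rec(0x0010))
    return {"VBA/dir": compress_literals(dir_plain),
            "VBA/Module1": fake_pcode + compress_literals(src_normal),
            "VBA/Module2": compress_literals(src_purged),
            "VBA/Module3": fake_pcode + compress_literals(src_stomped)}


if __name__ == "__main__":
    for name, verdict in classify_modules(build_sample()).items():
        print(f"{name}: {verdict}")
```

Only the purged verdict is a hard structural fact (zero bytes of PerformanceCache before the source); the stomped verdict is a heuristic, since a stomped module whose source was replaced with harmless decoy code decompresses cleanly and is indistinguishable from a normal one by this check alone.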

About the podcast

State of the Hack is FireEye’s monthly series, hosted by Christopher Glyer (@cglyer) and Nick Carr (@itsreallynick), that discusses the latest in information security, digital forensics, incident response, cyber espionage, APT attack trends, and tales from the front lines of significant targeted intrusions.