volexity / threat-intel
Signatures and IoCs from public Volexity blog posts.
License: Other
Originally posted by @Sunshine4767 in #4 (comment)
Not necessarily an issue, but does there by chance exist a version of onenoteextractor that could write the extracted files to disc using their original file names?
First, thank you so much for providing this really cool tool!
Whilst it works perfectly for unencrypted files, I noticed that the output of encrypted contents seems to be broken at 4k boundaries. To reproduce, consider the attached two examples, containing exactly the same contents. The encrypted version requires the password GeHeIm:
one-extract --extract-files --output-directory . --password GeHeIm Test-encrypted.one
one-extract --extract-files --output-directory . Test.one
The output files, ./Test-encrypted.one_0.extracted and ./Test.one_0.extracted, are PNG images, of which the latter is usable, but the former is broken:
$ diff -u <(hd Test.one_0.extracted) <(hd Test-encrypted.one_0.extracted)
--- /dev/fd/63 2023-07-19 13:21:21.199984571 +0200
+++ /dev/fd/62 2023-07-19 13:21:21.183984571 +0200
@@ -253,8 +253,8 @@
00000fc0 32 5c 55 52 b2 60 d0 47 5a 50 1e f8 c2 60 76 52 |2\UR.`.GZP...`vR|
00000fd0 7d d3 c4 18 d4 81 82 b8 56 3a 37 b3 49 69 db 10 |}.......V:7.Ii..|
00000fe0 15 36 3a 35 e5 91 92 05 83 6a a4 28 7a 15 4b ba |.6:5.....j.(z.K.|
-00000ff0 58 ed 37 6a c8 06 52 cd dd 9c 52 88 42 b7 22 e6 |X.7j..R...R.B.".|
-00001000 3e 17 47 6f 5c 49 a7 a6 3c 52 b2 21 a9 2a 29 d9 |>.Go\I..<R.!.*).|
+00000ff0 58 ed 37 6a c8 06 52 cd 0d 55 2d 49 82 ec 01 0c |X.7j..R..U-I....|
+00001000 a1 09 4b cb 9d 93 93 f4 3c 52 b2 21 a9 2a 29 d9 |..K.....<R.!.*).|
00001010 86 d8 4b 3a d2 a8 f2 40 56 88 22 83 54 d7 9c 22 |..K:...@V.".T.."|
00001020 86 f5 2f 25 0a e8 ea ed 54 52 7a 82 69 dc 9b 42 |../%....TRz.i..B|
00001030 a7 a6 5c 52 b2 df 94 2a 29 55 30 e8 7d 0e 8e 15 |..\R...*)U0.}...|
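Review bot: the only bytes that differ in this hunk are the last 8 of row 00000ff0 and the first 8 of row 00001000, a single 16-byte span from 0xff8 to 0x1007 that straddles the 4096-byte boundary by exactly 8 bytes on each side; the context rows before and after match byte for byte, so this is a localised mangling of one 16-byte span (the width of one AES block), not an offset shift of the whole page. Worth checking how the decryption path handles the cipher block that crosses a 4 KiB segment edge.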
@@ -509,8 +509,8 @@
00001fc0 da 70 52 76 5e e4 f0 92 4a 61 26 dd 45 6e b4 9c |.pRv^...Ja&.En..|
00001fd0 47 9a a1 fe 41 37 e9 da 73 27 3d 73 97 7b 3a b0 |G...A7..s'=s.{:.|
00001fe0 f2 fe 11 a3 49 51 a5 49 48 bf 6f 02 d2 bd 44 c5 |....IQ.IH.o...D.|
-00001ff0 f7 89 29 1e 69 66 80 4f 72 4f 27 83 67 45 95 7a |..).if.OrO'.gE.z|
-00002000 f3 88 cf 1a f4 35 ec 2d eb 36 98 f4 60 a3 39 48 |.....5.-.6..`.9H|
+00001ff0 f7 89 29 1e 69 66 80 4f 70 26 7b af da 20 52 d2 |..).if.Op&{.. R.|
+00002000 ad 7d 9a 01 ed e8 3e 91 eb 36 98 f4 60 a3 39 48 |.}....>..6..`.9H|
00002010 f5 ce 29 62 04 29 d9 3c c5 3b 15 22 43 ba 2e d0 |..)b.).<.;."C...|
00002020 27 0d b0 4d 8f b6 f9 27 c9 dc 7b c0 49 ed db 40 |'..M...'..{.I..@|
00002030 52 54 e1 04 52 3f 69 0e db b0 8c 21 4d 0d f4 49 |RT..R?i....!M..I|
@@ -765,8 +765,8 @@
00002fc0 ca 99 20 28 90 83 e2 8a 1a ef 79 3b a2 81 34 45 |.. (......y;..4E|
00002fd0 f5 8b d6 5a 87 f4 77 5f 31 03 69 53 a3 da 4e 96 |...Z..w_1.iS..N.|
00002fe0 bb f2 c9 66 b5 15 12 90 06 d2 6d 6a 7b 68 ce 02 |...f......mj{h..|
-00002ff0 d2 e0 92 a2 d6 7a f1 3e 2a dd 4f c1 d9 4b 55 3c |.....z.>*.O..KU<|
-00003000 3a b4 90 3a 52 c5 fd 27 ba 9e 47 56 22 3d 7f ee |:..:R..'..GV"=..|
+00002ff0 d2 e0 92 a2 d6 7a f1 3e 09 a6 20 4d 2f b3 be 0b |.....z.>.. M/...|
+00003000 39 da ee 10 ef 3d 3c 02 ba 9e 47 56 22 3d 7f ee |9....=<...GV"=..|
00003010 83 f0 93 22 7b 6a af 48 d4 97 b6 d4 1e 11 ac b0 |..."{j.H........|
00003020 38 1f 69 21 45 e8 11 51 4f aa 86 5c 64 21 d2 2f |8.i!E..QO..\d!./|
00003030 1f 32 07 29 42 eb 96 f2 ce 22 db a4 9c a9 36 6d |.2.)B...."....6m|
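Review bot: this hunk repeats the pattern of the two before it exactly: the differing span is 0x2ff8 to 0x3007, after 0xff8 to 0x1007 and 0x1ff8 to 0x2007, so the corruption recurs every 0x1000 bytes at the same 8-byte offset before the boundary. That periodicity supports the report's "4k boundaries" description and points at per-segment handling of the encrypted data rather than at a single bad byte range; any fix should be verified against a file spanning several segments, not just one.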
I use the tool on Debian Bookworm, running python3 v. 3.11.2 and the standard python3-msoffcrypto-tool package (v. 5.0.0-1). Any idea how this issue could be fixed?
TIA, Albrecht.
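The byte-level comparison the report does by hand with diff and hd, as an added diagnostic script that is not part of one-extract or this repository: it locates every run of differing bytes between a known-good and a suspect extraction and reports whether each run straddles a 4096-byte boundary and by how much on each side. The sample data is constructed inline, and SEGMENT, diff_runs, boundary_report and demo are names chosen here.

```python
import random

SEGMENT = 4096  # the 4 KiB boundary the report describes

def diff_runs(good: bytes, bad: bytes):
    """Return [(start, end)] half-open byte ranges where good and bad differ.
    Bytes beyond the shorter input count as differing, so a truncated or
    padded output shows up as one run at the tail."""
    runs, start = [], None
    n = max(len(good), len(bad))
    for i in range(n):
        same = i < len(good) and i < len(bad) and good[i] == bad[i]
        if not same and start is None:
            start = i
        elif same and start is not None:
            runs.append((start, i))
            start = None
    if start is not None:
        runs.append((start, n))
    return runs

def boundary_report(runs, segment=SEGMENT):
    """Describe each run and, when it straddles a segment boundary, how far it
    extends before and after that boundary (None when it does not straddle)."""
    report = []
    for start, end in runs:
        boundary = (end - 1) // segment * segment  # last boundary before run end
        straddles = start < boundary < end
        report.append({
            "start": start, "end": end, "length": end - start,
            "boundary": boundary if straddles else None,
            "before": boundary - start if straddles else None,
            "after": end - boundary if straddles else None,
        })
    return report

def demo():
    """Constructed sample data (not the reporter's files): three 4 KiB segments
    of random bytes, and a copy with 16 bytes mangled across each boundary,
    8 before and 8 after, mirroring the hexdump diff above."""
    good = random.Random(1).randbytes(3 * SEGMENT + 64)
    bad = bytearray(good)
    for k in range(1, 4):
        for off in range(k * SEGMENT - 8, k * SEGMENT + 8):
            bad[off] ^= 0x5A  # XOR with a nonzero constant always changes the byte
    return boundary_report(diff_runs(good, bytes(bad)))  # three 16-byte runs

if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Run it on real files by passing the two extracted outputs as bytes to diff_runs; a report where every run has before == after == 8 at k*4096 is the signature seen in the hexdumps above.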