analyzing-macro-malware-in-office-documents
CommunityUncover macro malware in Office documents and IOCs.
AuthorAxxxxxxaaann
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Analyzing macro malware in Office documents is a challenge due to obfuscated VBA/XLM macros, making it hard to quickly identify payloads, IOCs, and persistence mechanisms.
Core Features & Use Cases
- VBA and XLM Macro Extraction: Detects and extracts macros from Word, Excel, and PowerPoint documents.
- Deobfuscation & Analysis: Applies deobfuscation techniques to reveal hidden commands, URLs, and IOCs.
- DDE/Remote Template Checks: Flags Dynamic Data Exchange usage and remote template injections for investigation.
- Workflow Guidance: Provides end-to-end guidance for triage, extraction, verification, and reporting.
Quick Start
Analyze a suspicious Office document suspected of containing macros to retrieve the deobfuscated macro and IOCs.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: analyzing-macro-malware-in-office-documents Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#analyzing-macro-malware-in-office-documents Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.