optiv/Ivy: Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
January 12, 2022 at 3:34:45 PM UTC - permalink -

- https://github.com/optiv/Ivy

ApoMacroSploit : Apocalyptical FUD race - Check Point Research
February 19, 2021 at 12:54:42 PM UTC - permalink -

- https://research.checkpoint.com/2021/apomacrosploit-apocalyptical-fud-race/

DissectMalware/XLMMacroDeobfuscator: Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
July 18, 2020 at 12:29:37 AM UTC - permalink -

- https://github.com/DissectMalware/XLMMacroDeobfuscator

sevagas/macro_pack: macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
July 16, 2020 at 9:50:08 AM UTC - permalink -

- https://github.com/sevagas/macro_pack

SYLKin Attack: New Malicious .slk files are bypassing Microsoft 365 Security, Risking 200M+ Users
July 10, 2020 at 9:27:42 AM UTC - permalink -

- https://www.avanan.com/blog/sylkin-attack-bypassing-microsoft-365-security-risking-users

GitHub - Mr-Un1k0d3r/DKMC: DKMC - Dont kill my cat - Malicious payload evasion tool
April 15, 2020 at 2:40:14 PM UTC - permalink -

- https://github.com/Mr-Un1k0d3r/DKMC

GitHub - felamos/weirdhta: A python tool to create obfuscated HTA script.
April 15, 2020 at 2:39:46 PM UTC - permalink -

- https://github.com/felamos/weirdhta