Hi, I have inserted XlmMacroDeobfuscator inside IntelOwl (intelowlproject/IntelOwl#196) to have a better understanding of the malware campaigns that are running these days in Italy.
To have a report, I'm abusing the JSON format, but the entire JSON is quite big and hard to read if you don't know what you are looking for.
Would it be a good idea to have a summary of what has been found? My personal use case would be to find URLs, allowing me to easily find the document requests and the next payload to analyse. Don't get me wrong, it is easy to make a regex to find the URLs inside the report myself, but inside IntelOwl we decided to touch the tool result as little as possible.
I have to be honest, I did not test the --output-level, and it kinda does what I was looking for. I'm sorry to have bothered without having tested each switch.
No worries. But I still think there is room to better control the output. Currently, only macros can be filtered using this switch. Maybe it is also a good idea to filter defined names, memory and file dumps. So, I will leave this issue open for improving this part of the project. Feel free to share your ideas on how we can improve this part.