diff --git a/oletools/README.html b/oletools/README.html
index 6a9a798..8f157e6 100644
--- a/oletools/README.html
+++ b/oletools/README.html
@@ -19,11 +19,24 @@

oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the olefile parser. See http://www.decalage.info/python/oletools for more info.
-Quick links: Home page - Download/Install - Documentation - Report Issues/Suggestions/Questions - Contact the Author - Repository - Updates on Twitter
+Quick links: Home page - Download/Install - Documentation - Report Issues/Suggestions/Questions - Contact the Author - Repository - Updates on Twitter Cheatsheet
Note: python-oletools is not related to OLETools published by BeCubed Software.
News
-- 2018-02-18 v0.52:
+
- 2018-05-30 v0.53:
+
+- olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML files (aka Flat OPC format)
+- improved support for VBA forms in olevba (oleform)
+- rtfobj now displays the CLSID of OLE objects, which is the best way to identify them. Known-bad CLSIDs such as MS Equation Editor are highlighted in red.
+- Updated rtfobj to handle obfuscated RTF samples.
+- rtfobj now handles the "\'" obfuscation trick seen in recent samples such as https://twitter.com/buffaloverflow/status/989798880295444480, by emulating the MS Word bug described in https://securelist.com/disappearing-bytes/84017/
+- msodde: improved detection of DDE formulas in CSV files
+- oledir now displays the tree of storage/streams, along with CLSIDs and their meaning.
+- common.clsid contains the list of known CLSIDs, and their links to CVE vulnerabilities when relevant.
+- oleid now detects encrypted OpenXML files
+- fixed bugs in oleobj, rtfobj, oleid, olevba
+
+- 2018-02-18 v0.52:
- New tool msodde to detect and extract DDE links from MS Office files, RTF and CSV;
- Fixed bugs in olevba, rtfobj and olefile, to better handle malformed/obfuscated files;
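Review bot: In the added Quick links line, "Updates on Twitter Cheatsheet" is missing the " - " separator that every other entry uses, so the two links will run together when rendered; add the separator before Cheatsheet. In the v0.53 list, "Updated rtfobj to handle obfuscated RTF samples." overlaps with the more specific "\'" bullet that follows and is the only entry that is capitalised and ends with a period; consider merging the two bullets and matching the style of the others.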
@@ -31,18 +44,6 @@
- VBA form parsing in olevba;
- Office 2007+ support in oleobj.
-- 2017-06-29 v0.51:
-
-- added the oletools cheatsheet
-- improved rtfobj to handle malformed RTF files, detect vulnerability CVE-2017-0199
-- olevba: improved deobfuscation and Mac files support
-- mraptor: added more ActiveX macro triggers
-- added DocVarDump.vba to dump document variables using Word
-- olemap: can now detect and extract extra data at end of file, improved display
-- oledir, olemeta, oletimes: added support for zip files and wildcards
-- many bugfixes in all the tools
-- improved Python 2+3 support
-
See the full changelog for more information.
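Review bot: Removing the v0.51 entry leaves the "See the full changelog" line as the only pointer to that release, including the note that rtfobj detects CVE-2017-0199. Please confirm the full changelog carries the complete v0.51 list before this is dropped from the README.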
@@ -65,7 +66,7 @@
olemap: to display a map of all the sectors in an OLE file.
-oletools are used by a number of projects and online malware analysis services, including Viper, REMnux, FAME, Hybrid-analysis.com, Joe Sandbox, Deepviz, Laika BOSS, Cuckoo Sandbox, Anlyz.io, ViperMonkey, pcodedmp, dridex.malwareconfig.com, and probably VirusTotal. (Please contact me if you have or know a project using oletools)
+oletools are used by a number of projects and online malware analysis services, including Viper, REMnux, FAME, Hybrid-analysis.com, Joe Sandbox, Deepviz, Laika BOSS, Cuckoo Sandbox, Anlyz.io, ViperMonkey, pcodedmp, dridex.malwareconfig.com, Snake, DARKSURGEON, and probably VirusTotal. (Please contact me if you have or know a project using oletools)
Download and Install:
The recommended way to download and install/update the latest stable release of oletools is to use pip:
diff --git a/oletools/README.rst b/oletools/README.rst
index bfc6e7e..bbf818d 100644
--- a/oletools/README.rst
+++ b/oletools/README.rst
@@ -21,6 +21,7 @@ Issues/Suggestions/Questions `__
- `Contact the Author `__ -
`Repository `__ - `Updates on
Twitter `__
+`Cheatsheet `__
Note: python-oletools is not related to OLETools published by BeCubed
Software.
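Review bot: The added Cheatsheet link sits on its own line after "Twitter `__" with no " - " separator, unlike the preceding quick links, so it will render fused to "Updates on Twitter". Add the separator at the end of the Twitter line or at the start of the new one.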
@@ -28,7 +29,29 @@ Software.
News
----
-- **2018-02-18 v0.52**:
+- **2018-05-30 v0.53**:
+
+ - olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML
+ files (aka Flat OPC format)
+ - improved support for VBA forms in olevba (oleform)
+ - rtfobj now displays the CLSID of OLE objects, which is the best
+ way to identify them. Known-bad CLSIDs such as MS Equation Editor
+ are highlighted in red.
+ - Updated rtfobj to handle obfuscated RTF samples.
+ - rtfobj now handles the "\'" obfuscation trick seen in recent
+ samples such as
+ https://twitter.com/buffaloverflow/status/989798880295444480, by
+ emulating the MS Word bug described in
+ https://securelist.com/disappearing-bytes/84017/
+ - msodde: improved detection of DDE formulas in CSV files
+ - oledir now displays the tree of storage/streams, along with CLSIDs
+ and their meaning.
+ - common.clsid contains the list of known CLSIDs, and their links to
+ CVE vulnerabilities when relevant.
+ - oleid now detects encrypted OpenXML files
+ - fixed bugs in oleobj, rtfobj, oleid, olevba
+
+- 2018-02-18 v0.52:
- New tool
`msodde `__ to
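Review bot: In the added bullet 'rtfobj now handles the "\'" obfuscation trick', the backslash is an escape character in reStructuredText, so the rendered text will show only a quote and lose the backslash that the bullet is about. Put the sequence in an inline literal (double backticks) or double the backslash. Separately, the v0.52 entry just below links tool names such as msodde to their documentation pages, while the new v0.53 bullets mention rtfobj, msodde, oledir and oleid as plain text; linking them would keep the list consistent.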
@@ -39,28 +62,6 @@ News
- VBA form parsing in olevba;
- Office 2007+ support in oleobj.
-- 2017-06-29 v0.51:
-
- - added the `oletools
- cheatsheet `__
- - improved
- `rtfobj `__ to
- handle malformed RTF files, detect vulnerability CVE-2017-0199
- - olevba: improved deobfuscation and Mac files support
- - `mraptor `__:
- added more ActiveX macro triggers
- - added
- `DocVarDump.vba `__
- to dump document variables using Word
- - olemap: can now detect and extract `extra data at end of
- file `__, improved display
- - oledir, olemeta, oletimes: added support for zip files and
- wildcards
- - many
- `bugfixes `__
- in all the tools
- - improved Python 2+3 support
-
See the `full
changelog `__ for
more information.
@@ -123,8 +124,10 @@ Sandbox `__,
`Anlyz.io `__,
`ViperMonkey `__,
`pcodedmp `__,
-`dridex.malwareconfig.com `__, and
-probably `VirusTotal `__. (Please `contact
+`dridex.malwareconfig.com `__,
+`Snake `__,
+`DARKSURGEON `__, and probably
+`VirusTotal `__. (Please `contact
me <(http://decalage.info/contact)>`__ if you have or know a project
using oletools)
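Review bot: This hunk re-wraps the sentence that ends in the contact link, and the continuation line still reads "me <(http://decalage.info/contact)>`__", with parentheses inside the angle brackets, so the parentheses become part of the link target. Since the paragraph is being touched anyway, drop the parentheses so the target is the bare URL.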
diff --git a/oletools/doc/Home.html b/oletools/doc/Home.html
index 930c429..d913eb1 100644
--- a/oletools/doc/Home.html
+++ b/oletools/doc/Home.html
@@ -16,7 +16,7 @@
-
+
This is the home page of the documentation for python-oletools. The latest version can be found online, otherwise a copy is provided in the doc subfolder of the package.
python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the olefile parser. See http://www.decalage.info/python/oletools for more info.
Quick links: Home page - Download/Install - Documentation - Report Issues/Suggestions/Questions - Contact the Author - Repository - Updates on Twitter
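Review bot: The Quick links line in Home.html is left unchanged and has no Cheatsheet entry, while the same line in README.html gains one in this commit. If the two pages are meant to stay in step, add the link here as well (with the " - " separator).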
diff --git a/oletools/doc/Home.md b/oletools/doc/Home.md
index cb00046..29c03f4 100644
--- a/oletools/doc/Home.md
+++ b/oletools/doc/Home.md
@@ -1,4 +1,4 @@
-python-oletools v0.52 documentation
+python-oletools v0.53 documentation
===================================
This is the home page of the documentation for python-oletools. The latest version can be found