Excel(ent) Obfuscation: Regex Gone Rogue
May 21, 2025, 8:30 p.m.
Description
A new Excel-based attack technique leverages the recently introduced regex functions for advanced code obfuscation. The proof-of-concept demonstrates how malicious actors can use REGEXEXTRACT to hide PowerShell commands within large text blocks, significantly reducing antivirus detection rates. This method outperforms traditional obfuscation techniques, dropping VirusTotal detections from 22 to just 2. The approach also evades heuristic analysis tools such as OLEVBA. While currently limited by Microsoft's default macro security and the limited availability of the regex functions, this technique could be combined with more sophisticated attack methods as the functions become more widely available.
Date
- Created: May 15, 2025, 2:08 p.m.
- Published: May 15, 2025, 2:08 p.m.
- Modified: May 21, 2025, 8:30 p.m.
Indicators
- 5af1bd3d95e6307d95e9973aa4a084ae210f9038cbea2235d14b02d97abd4f2b
- dedbe856891dd633ce3dd66ecc120ef4f1ae0a61a37dbb4cc6a59f7eae7019d9
- 2c99e702609d549440952ef72f2386a74e0da1462df65ab4206f44c94e8dbc72