Is your feature request related to a problem? Please describe.
From a discussion on a list, tracking that base64 or other encoding is used in a maldoc can be a useful TTP to note. There are four locations in the source code that base64 is decoded, but the one in vipermonkey/core/expressions.py doesn't log.
Describe the solution you'd like
I can add logging after lines 640 and 644, but I wanted to check to make sure the correct log level is used. I see warning used sometimes and debug used in other locations. Which level is appropriate for this? I can create a PR based on which one is appropriate.
Is your feature request related to a problem? Please describe. From a discussion on a list, tracking that base64 or other encoding is used in a maldoc can be a useful TTP to note. There are four locations in the source code that base64 is decoded, but the one in vipermonkey/core/expressions.py doesn't log.
Describe the solution you'd like I can add logging after lines 640 and 644, but I wanted to check to make sure the correct log level is used. I see warning used sometimes and debug used in other locations. Which level is appropriate for this? I can create a PR based on which one is appropriate.