Detect Word documents exploiting embeddedHtml (Microsoft Office Online Video)

decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

http://www.decalage.info/python/oletools

Other

2.9k stars 563 forks source link

Detect Word documents exploiting embeddedHtml (Microsoft Office Online Video) #363

Open decalage2 opened 5 years ago

decalage2 commented 5 years ago

See:

https://blog.cymulate.com/abusing-microsoft-office-online-video
https://github.com/rvrsh3ll/Word-Doc-Video-Embed-EXE-POC
https://blog.trendmicro.com/trendlabs-security-intelligence/hide-and-script-inserted-malicious-urls-within-office-documents-embedded-videos/

decalage2 commented 5 years ago

Does not look like a very good technique: https://twitter.com/ItsReallyNick/status/1058104194182377477