Category: Uncategorized

  • Maldoc uses template injection for macro execution

    I recently came across a handful of malicious office documents (maldocs) whose network traffic struck me as a slightly odd. As you can see in the screenshot below, there are several HTTP requests to the hxxp://moveis-schuster-com.[ga] domain and some of these requests appear to be for a DOTM file. A DOTM file is a macro-enabled…