
MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file

ID: a657542d-5f3a-5d2f-a036-9bd7db16a62c

STIX ID: report--a657542d-5f3a-5d2f-a036-9bd7db16a62c

Feed Name: JPCERT Blog

Threat Score
65/100

Date Published: 2023-08-28

Date Updated: 2026-04-19

Author: 増渕 維摩 (Yuma Masubuchi)

...
...

JPCERT/CC details a technique it calls "MalDoc in PDF": the attacker appends an MHT (MIME HTML) file created in Word and carrying VBA macros to a PDF file. The result still begins with the PDF file signature, so PDF-focused scanners and automated analysis that branch on file type treat it as a PDF and never look for a macro; Microsoft Word, however, recognises the embedded MHT and opens the file as a Word document, and the macros run if Word's macro settings allow them. The advisory includes an example YARA rule for the pattern, recommends extracting and analysing the embedded macros with olevba (which handles the file even though PDF tooling does not), and publishes the C2 domains and three malware hashes observed in the July incident.
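As an added illustration (not code from the JPCERT/CC post, and not its YARA rule), the following Python scanner applies the same detection idea in plain code: flag a file whose first bytes are the PDF signature but which also contains the MIME headers and Word markers of an MHT document. The sample bytes are constructed here and carry no macro; the `editdata.mso` part name is treated only as a hint that the MHT contains a Word OLE container, which is an assumption of this example rather than a claim from the post.

```python
"""Heuristic scanner for the "MalDoc in PDF" pattern.

A file that starts with the PDF signature but also carries a Word MHT
(MIME HTML) document is flagged. Example code added for illustration;
it is not JPCERT/CC's tooling and is deliberately conservative.
"""
import sys

PDF_MAGIC = b"%PDF-"

# MIME headers that a Word-generated MHT file carries (matched case-insensitively).
MHT_MARKERS = (b"mime-version:", b"content-type:", b"content-location:")

# Markers that identify the MHT body as a Word document. "<?xml version" is
# intentionally NOT used: ordinary PDFs with XMP metadata contain it too.
WORD_MARKERS = (b"<w:worddocument>", b"urn:schemas-microsoft-com:office:word")

# Assumption for this example: Word stores the OLE container of an MHT in a part
# named editdata.mso, so its presence is reported as a macro hint, not as proof.
MACRO_HINT = b"editdata.mso"


def scan(data: bytes) -> dict:
    """Return a dictionary describing whether `data` looks like a MalDoc in PDF."""
    lower = data.lower()
    is_pdf = data.startswith(PDF_MAGIC)
    mht_hits = [m.decode() for m in MHT_MARKERS if m in lower]
    word_hits = [m.decode() for m in WORD_MARKERS if m in lower]
    # Offset of the first MIME header. PDF readers stop at the trailer, which is
    # why bytes appended after it go unnoticed by PDF-oriented tooling.
    mht_offset = min((lower.find(m) for m in MHT_MARKERS if m in lower), default=-1)
    return {
        "is_pdf": is_pdf,
        "mht_markers": mht_hits,
        "word_markers": word_hits,
        "mht_offset": mht_offset,
        "macro_hint": MACRO_HINT in lower,
        # Require all three properties to keep plain PDFs and plain MHTs out.
        "suspicious": is_pdf and bool(mht_hits) and bool(word_hits),
    }


# --- Constructed sample inputs (no real macro, no real document) -------------
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

SAMPLE_MHT = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="----=_NextPart_01"\r\n\r\n'
    b"------=_NextPart_01\r\n"
    b"Content-Location: file:///C:/doc.htm\r\n"
    b'Content-Type: text/html; charset="windows-1252"\r\n\r\n'
    b'<html xmlns:w="urn:schemas-microsoft-com:office:word"><head>'
    b"<!--[if gte mso 9]><xml><w:WordDocument><w:View>Print</w:View>"
    b"</w:WordDocument></xml><![endif]--></head><body>x</body></html>\r\n"
    b"------=_NextPart_01\r\n"
    b"Content-Location: file:///C:/doc_files/editdata.mso\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Type: application/x-mso\r\n\r\n"
    b"QWN0aXZlTWltZQ==\r\n"  # base64 of the string "ActiveMime"; placeholder only
    b"------=_NextPart_01--\r\n"
)

# A PDF with an MHT appended after its trailer: the shape the post describes.
SAMPLE_MALDOC_IN_PDF = SAMPLE_PDF + SAMPLE_MHT


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            print(scan(fh.read()))
        return
    for name, blob in (("pdf", SAMPLE_PDF), ("mht", SAMPLE_MHT),
                       ("pdf+mht", SAMPLE_MALDOC_IN_PDF)):
        print(name, scan(blob))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with a file path to scan a real sample, or with no arguments to see the three constructed cases; only the combined blob is reported as suspicious, and its `mht_offset` equals the length of the PDF portion, which is where a follow-up step (for instance handing the file to olevba) should start looking.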
