Threats That Hide in Your Microsoft Office Documents
ID: bb582547-cba2-5528-b7b8-46944125639f
STIX ID: report--bb582547-cba2-5528-b7b8-46944125639f
Feed Name: Cofense Blog
This report outlines the abuse of Microsoft Office documents as a distribution vector for credential phishing and malware, covering embedded links, QR codes, VBA macros, and exploitation of CVE-2017-11882 and CVE-2017-0199. It details observed campaigns (Emotet, DarkGate) and payloads (FormBook, Agent Tesla), demonstrates typical infection chains (HTA in RTF, equation-editor buffer overflow, PowerShell IEX), and highlights the role of open-source tools in easing malicious document creation.
