Description
- for each check/indicator, report risk level = info/none/low/medium/high
- identify file type and container with ftguess
- report most useful properties
- detect VBA macros with olevba => medium
- detect suspicious VBA macros with mraptor => high
- detect XLM macros with olevba => medium
- detect VBA stomping with olevba => high
- detect encryption => info
- detect OLE objects with rtfobj/oleobj => low
- OLE objects related to CVE => high risk
- OLE package => medium
- OLE package with executable extension => high
- remote template, OLE object, frame, etc. with oleobj => medium/high
- overlay data with olemap => medium
- report extracted IOCs?