Summary

This article delves deeper into the malevolent OOXML and embedded Rich Text Format (RTF) document exploit deployed in targeted attacks against government entities. We look at the anatomy of RTF documents and will endeavor to programmatically reconstruct the malicious document using the same technique and complete it with a sample code. After that, we will try to understand the attack chain too.

Description