I published the following diary on isc.sans.org: “Maldoc with auto-updated link“. Yesterday, while hunting, I found another malicious document that (ab)used a Microsoft Word feature: auto-update of links. This feature is enabled by default for any newly created document (that was the case for my Word 2016 version). If you
