Analyzing Malicious Office Macros: Step-by-Step
A 2026 phishing campaign hid a full attack chain inside a .docm invoice file. This walkthrough uses olevba and PowerShell forensics to decode the macro, expose the C2 address, and trace persistence on a compromised host.
