.. /.Dotm

Phishing
Double Click

Contributors:

mr.d0x

Description:

DOTM is a Microsoft Word macro-enabled template file. It can be used to execute malicious macros.

OS:

Windows
Mac

Recommendation:

Disable macros via GPO and whitelist the users who are permitted to run macros. For end users, turn off macros in Word's settings.

Resources:

https://www.sophos.com/en-us/security-news-trends/security-trends/the-rise-of-document-based-malware.aspx
