.. /.Odt

Exploit
Phishing
Double Click

Contributors:

Adithya - @ravooriadithya

Description:

ODT is a ZIP archive with XML-based files used by Microsoft Office, as well as the comparable Apache OpenOffice and LibreOffice software. There have recently been multiple malware campaigns using this file type that are able to avoid antivirus detection, because these engines treat ODT files as standard archives and don't apply the same rules they normally would for an Office document.

OS:

Windows

Recommendation:

Block these file types on web and email gateways if there is no business need. Enforce GPOs to control execution of malicious macros and other script executables from ODT files. Enforce Office Protected View.
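Because an ODT is a ZIP archive, a gateway rule that matches only on the file extension misses a renamed document. The sketch below is an added example, not part of the original entry: it classifies a file by content and applies the block rule recommended above. The function names and verdict strings are hypothetical; the `mimetype` entry and the `Basic/` and `Scripts/` directories come from the ODF package layout, not from this page.

```python
import io
import zipfile

ODT_MIME = b"application/vnd.oasis.opendocument.text"
# ODF package directories that hold macro libraries and script files.
ACTIVE_DIRS = ("Basic/", "Scripts/")

def inspect_attachment(data: bytes) -> dict:
    """Classify a file by its content, ignoring its name and extension."""
    result = {"is_zip": False, "is_odt": False, "active_content": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["is_zip"] = True
    with zf:
        names = zf.namelist()
        if "mimetype" in names:
            with zf.open("mimetype") as fh:
                mime = fh.read(256).strip()  # bounded read of a tiny entry
            # startswith also covers the -template / -master variants
            result["is_odt"] = mime.startswith(ODT_MIME)
        if result["is_odt"]:
            result["active_content"] = sorted(
                n for n in names
                if n.startswith(ACTIVE_DIRS) and not n.endswith("/")
            )
    return result

def verdict(data: bytes, odt_allowed: bool = False) -> str:
    """Gateway decision: block ODT unless there is a business need for it."""
    info = inspect_attachment(data)
    if not info["is_odt"]:
        return "pass"
    if not odt_allowed:
        return "block"
    return "quarantine" if info["active_content"] else "pass"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal ODT-shaped ZIP built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", ODT_MIME)
        zf.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            zf.writestr("Basic/Standard/Module1.xml", "<script:module/>")
    return buf.getvalue()
```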

Resources:

https://blog.talosintelligence.com/2019/09/odt-malware-twist.html

File Samples:

https://www.virustotal.com/gui/file/de8e85328b1911084455e7dc78b18fd1c6f84366a23eaa273be7fbe4488613dd/detection