Introduction Phishing malicious documents can contain external relationship with type oleobject. A defender objective is to kill the attack at the early stage by blocking malicious domains at perimeter, this post levarages Cyberchef to extract payload urls quickly from malicious office documents CyberChef is an open source tool maintained by GCHQ . It provides a drag and drop interface via a web browser (Firefox & Chrome) to quickly perform a wide range of data manipulation functions called 'operations'. A sequence of operations is called a 'recipe'. As all the processing is client-side, CyberChef can be downloaded and used offline or in an air-gapped forensic network. CyberChef has operations useful for disk forensics, malware & network analysts, and even OSINT researchers. Tools Cyberchef Analysis All document samples are pulled from Hybrid Analysis - a free malware analysis service for the community that detects and analyzes unknown t