Execution
T1203 office_exploit_crash: Microsoft Office process crashes (failed exploitation of a vulnerability is possible)
T1064 office_macros: The document contains macro
Defense Evasion
T1064 office_macros: The document contains macro
Credential Access
T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files
Other
yara_rules: Static rules
office_summary: The document contains suspicious metadata
creates_in_programdata: Creates files in the ProgramData directory