From 76a1114d0ea8d570617ea2eb2287a1ddb745d80f Mon Sep 17 00:00:00 2001 From: mether049 Date: Sun, 22 Mar 2020 23:55:24 +0900 Subject: [PATCH] Update malware-analysis_ref_and_memo.md --- malware-analysis_ref_and_memo.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md index 7d3e5f3..8b764d2 100644 --- a/malware-analysis_ref_and_memo.md +++ b/malware-analysis_ref_and_memo.md @@ -374,6 +374,8 @@ Injecition/Hollowingされたプロセスの自動検出
- [.NET Core](https://docs.microsoft.com/ja-jp/dotnet/core/install/linux-package-manager-ubuntu-1604) - [PowerShell Core(PowerShell 7+)](https://docs.microsoft.com/ja-jp/powershell/scripting/install/installing-powershell-core-on-windows?view=powershell-7) - [LibreOffice](https://ja.libreoffice.org/) +- **exiftool** + - HyperLinkBabse等のプロパティにコマンド等が格納されているケースもある - ref: - [vbastomp.com](https://vbastomp.com/) - [Advanced VBA Macros Attack&Defence,BHEU2019](https://www.decalage.info/files/eu-19-Lagadec-Advanced-VBA-Macros-Attack-And-Defence.pdf)
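Review bot: The property name in the added sub-bullet under **exiftool** is misspelled as "HyperLinkBabse"; it should read HyperlinkBase, otherwise a reader searching document metadata for that name will not find a match. The neighbouring tool entries in this list (.NET Core, PowerShell Core, LibreOffice) are markdown links, while the new entry is bold text with no link, so consider linking it to the tool's page for consistency. The sub-bullet says that properties such as this one sometimes hold commands ("等", i.e. "etc."), but names only one property; listing the other properties meant, or adding a reference under the existing "ref:" list, would make the note usable as a checklist during document triage.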