Complex file format with macros is a significant red flag

We were requested to download and use the oneNDA template recently. This flags several security concerns, emails from third parties directing to download files is a red flag.

On investigation the file format is docx, and contains macros, a commonly used malware tactic. In addition to this the macros calls functions that are suspicious and attempts to drop a LNK file. This is a large red flag and diminishes trust in the onenda template.

Dedicated third party services flag the file as “malware” as a result of this. Docguard for example where you can submit your own sample.

I would advise removing all macros from the document, and offering the document in multiple formats, docx, odt, odf, pdf etc.