Document exploitation is a popular method of distributing malware in the malware community. Even though it was never the most prevalent infection vector, document exploitation has been on the rise for the last few years, hiding in the shadow of the more seasonal VBA or JavaScript downloaders. This technical paper explores why we're seeing more document exploitation malware in the wild, as well as the long-standing popularity of the document exploitation generator Ancalog, which is widely commercially available, and its various applications in cybercrime.