Extract IOC out of Cuckoo report

[michaelweiser]

In one peculiar case Excel creates a link to the user's Documents folder in its %AppData%\Microsoft\Office\Recent folder named Eigene Dokumente.LNK. This matches Cuckoo signature Creates executable file in filesystem which records the path in the mark/ioc element of the report. If we had access to that field, we could write an expression rule to implement an exception for this particular case.