Nothing exceptionally special about this malware campaign delivering Pony / fareit trojan. An email with the subject of “Urgent Order for october Shipment needed” pretending to come from AL-HASSANA TRADING LTD <info@al-hassana.com> with a malicious word doc attachment using CVE-2017-11882 Equation Editor Exploit delivers the malware. The only things to note are the website delivering the malware payload http://mdideals.us/florence9832423.jpg was registered on 5th September 2018 to what purports to be a Nigerian Entity via Namecheap as both registrar & host. I very much dountb the details are correct in any way. The other thing of note is that one of the … Continue reading →