A bit of a change with the Trickbot delivery system with this example. Instead of directly attaching a malicious macro enabled word doc or other Microsoft Office file to the email, it instead has a html attachment and a link in the email body that when opened shows a web page that looks like a secure message with another link to download the malicious word doc. By the time I received the email and investigated, the website was down & not responding. I did manage to find a copy that somebody else had uploaded to VirusTotal and Anyrun and went … Continue reading →