Lokibot via fake order email. Massive document.xml.rels obscuring analysis

Earlier this morning I received a spam email, pretending to be a new order asking me to quote a price, with a word docx attachment. That is normal for me & many others to receive this sort of malware laden spam. The subjects are so generic, the alleged senders might be a company or type of company / business your small or medium size business will deal with. The attachment on this appears to be blank when opened. However this document is using an exploit that some Antiviruses describe as  CVE-2017-0199. The malicious content is contained in the document.xml.rels which Continue reading →