nanocore RAT via fake order in password protected word doc with wrong password

I was sent a message via the submissions system last night with the email the victim received attached. At first glance it looked like the typical password protected word docs we see regularly pretending to be either an order, invoice or resume, that frequently drop or download some sort of ransomware. At first I could not open this word doc using the password in the email body  “doc2019” after trying a few variations I found the correct password is “DOC2019”. Windows ( or at least Microsoft Office)  does see the differences in upper & lower case on passwords. When I Continue reading →