Lokibot via fake enquiry CVE-2017-8570 malware campaign error

An email with the subject of  “Re: Inquiry”  pretending to come from AL SRAIYA HOLDING GROUP, a large consulting group in Qatar  but actually coming from “purchase manager <jairus_miguel@bsdnetwork.com.br>”  with a malicious word doc attachment  delivers Lokibot This malware campaign is marginally more interesting for a malware researcher because of the way the malware bad actor has misconfigured the word docs and displays this message in English & Russian. Decoy document which is opened after successful hit. Документ для пользователя который открывается после успешного пробива. These criminal gangs normally display an innocent word doc with genuine data like a list of Continue reading →