An email with the subject of “Re: Inquiry” pretending to come from AL SRAIYA HOLDING GROUP, a large consulting group in Qatar but actually coming from “purchase manager <jairus_miguel@bsdnetwork.com.br>” with a malicious word doc attachment delivers Lokibot This malware campaign is marginally more interesting for a malware researcher because of the way the malware bad actor has misconfigured the word docs and displays this message in English & Russian. Decoy document which is opened after successful hit. Документ для пользователя который открывается после успешного пробива. These criminal gangs normally display an innocent word doc with genuine data like a list of … Continue reading →