Fake Order data Malware campaign abusing Google docs

I am seeing a new malware campaign this morning hitting UK abusing google docs. So far I can’t get the final payload, so I don’t know what it is supposed to be. I have had intermittent luck with getting the vbs file inside a zip. Sometimes I get a blank page, one time I did get the malware zip. It all starts with an email with a subject of Invoice, Order, Purchase order, Purchase data  or similar, all with random numbers. The link in the email goes to a google docs page where you see what is described as a Continue reading →