Continuing with this malware campaign trying to deliver Hawkeye Keylogger/ Infostealer from yesterday. The same bad actor has updated the email, changed the payload slightly to try to bypass AV detections and instead of a .exe attachment has used a .rar attachment along with an updated malformed XLS spreadsheet using one of the Microsoft Equation Editor Exploits ( probably CVE-2017-11882) with a single URL in the exploit code that does work and downloads the payload to a vulnerable computer. The email is nothing special and is a typical scam style message, that gets flagged as a potential / probable … Continue reading →