Another Formbook malware campaign that didn’t seem to want to fire off properly in Anyrun initially. I am not sure if there genuinely is an issue with the file or whether the error message was a “red herring”. However opening the exploit laden Excel spreadsheet in the Anyrun app for a second time definitely worked. This involves one of the Microsoft Equation editor exploits in the chain. CVE-2017-11882 or another embedded ole exploit I very much doubt this email did come from https://www.detector-scout.de/ but since they do not appear to have SPF or any other form of authentication on their … Continue reading →