Multiple Hawkeye malspam campaigns via GreenCloudVPS

Another Hawkeye keylogger campaign again today. We see these most days and the emails are always such a generic invoice, order or Request for quotation so I don’t bother to post all versions we receive. I normally just tweet to the other researchers and submit to antivirus companies. These are all using CVE-2017-11882 RTF Today we are seeing a much more aggressive campaign than usual with multiple senders and subjects. But all coming from the same IP number and server. None of the email addresses or companies mentioned in this campaign are sending the emails to you. Their details have Continue reading →