I have heard of the “Belt and Braces ” approach to delivering malware before, but this malware campaign delivering Remcos Rat is using the belt and 2 pairs of braces to try make sure the malware gets delivered. The email is a fairly typical Invoice Request that appears to a part of an ongoing conversation and contains 3 different attachments. A zip file that contains a Remcos binary An RTF file using CVE-2017-11882 to contact a remote site & download a different Remcos binary A Word doc that is a renamed RTF file using CVE-2017-11882 to contact the same remote … Continue reading →