VERY IMPORTANT

On July 6, 2017, RSA FirstWatch noted renewed MONSOON APT campaign activity submitted (from a community user in India) to Virus Total. The submission in this case was an email attachment, Free_Hosting.doc, a Rich Text Format (RTF) document that attempts to exploit CVE-2015-1641. (Note: For a technical walk-through of RTF and its commonly exploited vulnerabilities, we recommend readers take a look at this post by RSA Engineering's Kevin Douglas.)