Malspam using password-protected Word docs to push Remcos RAT
released on 2019-09-04 @ 09:37:19 AM
Malicious spam (malspam) using attached password-protected Word documents to evade detection is nothing new. I've documented it as early as March 2017, and this style of malware distribution started years before then. This particular campaign has pushed a variety of malware, including IcedID (Bokbot), various types of ransomware, and Nymaim. This diary from 2018 has a list of different types of malware seen from this campaign during that year.