JSSLoader: the shellcode edition
released on 2022-08-19 @ 11:05:21 AM
Security researchers observed a malspam campaign in late June that was attributed to the FIN7 APT group. One of the samples was also reported on Twitter; during execution, it was observed dropping a secondary payload written in .NET. Earlier this year, a new component used by this group was identified, delivered in XLL format. That component was the first step in the attack chain leading to another piece of malware, dubbed JSSLoader.