Netskope Threat Research Labs has been tracking multiple similar malspam campaigns that began in April 2019. The spam emails carry an ISO image file as an attachment, and that ISO contains the next-stage payload. This blog post details both the campaign and the payload.
MalSpam Campaign
The malspam campaign began in April 2019, with a generic message about an invoice and an ISO disk image file attachment. The generic message indicates that the spam campaigns are not targeted toward any particular individuals or enterprises. Figure 1 below shows an example snapshot of a malspam email containing an ISO file as an attachment.
We first noticed these malspam campaigns when our outbr