On the 18 Dec 2018 I received two emails from the forum.
I deleted the posts as soon as possible.
I have conducted threat hunting activities and found the email contained an attachment showing suspicious activity using PowerShell with obfuscation. Further analysis identified that this PowerShell script was run from a Word document.
DO NOT OPEN if you have this email. Simply delete.