Everything posted by explo1t

  1. Recently, in a spam campaign targeted towards Bulgarian users, a malicious JavaScript-based Dreambot downloader was sent inside an archive file. The theme of the emails was related to "Notification of changes to Regulation for NRA". NRA is the National Revenue Agency in Bulgaria (in Bulgarian it is: Национална агенция за приходите). http://www.pwncode.club/2017/09/dreambot-targeting-bulgarian-users.html
  2. Interesting method! Always useful to perform such tasks purely through assembly language instead of calling some API
  3. Nice writeup on the Retefe Banking Trojan, which is being spread through Word documents to Swiss users. The article also describes in detail how the Retefe Banking Trojan deploys TOR and Socat on the machine to set up a SOCKS proxy as a backdoor. http://www.pwncode.club/2017/09/deep-dive-into-retefe-banking-trojan.html
  4. An interesting writeup on an RTF variant of Document exploiting CVE-2017-8759. It shows different steps of analysis from basic analysis of the Exploit File to payload. http://www.pwncode.club/2017/09/rtf-based-variant-of-cve-2017-8759.html
  5. Interesting, this sounds very useful, especially for analysing malware which performs evasion based on the environment it is executing in.