Microsoft issued a warning about an active spam campaign that tries to infect Korean targets with a FlawedAmmyy RAT malware distributed via malicious XLS attachments. Microsoft Security Intelligence said the campaign “employs a complex infection chain to download and run the notorious Flawed ammyy malware directly in memory”” The malware is one of the favorite tools of a cybercriminal group named TA505 by Proofpoint which started dropping as part of spam campaigns targeting retailers and financial institutions. Microsoft also issued another warning on June 7 about a malspam campaign delivering RTF attachments designed to exploit the Microsoft Office and Wordpad CVE-2017-11882 vulnerability.”
Source: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-campaign-dropping-flawedammyy-rat-in-memory/