The massive email campaign is on March 5 and 6, 2018 that contains zipped Url attachments that downloads and executes the javascript from attackers server. It was sent from spoofed email address subjected as Receipt No 1234567 (random digits and first word could also be Bill or Invoice) and matching attachments in the zip file. FlawedAmmyy remote control rat trojan is based on the leaked source code of remote desktop support tool Ammyy Admin.”]
Source: https://gbhackers.com/remote-control-rat-flawedammyy/

