From gbhackers.com
Microsoft uncovered a new campaign with a sophisticated infection chain delivering notorious FlawedAmmyy RAT as a final payload. The attack starts with an email that contains .XLS attachments and the contents of the email in the Korean language.
Previous campaigns that involve FlawedAmmyy RAT are carried out by TA505 threat actors, upon successful execution of backdoor let an attacker to control the machine remotely, manages the files, captures the screen.