{"id":2540,"date":"2018-06-08T20:31:49","date_gmt":"2018-06-08T20:31:49","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132695"},"modified":"2018-06-08T20:31:49","modified_gmt":"2018-06-08T20:31:49","slug":"creative-spam-thinks-outside-the-macro-with-iqy-attachments","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/","title":{"rendered":"Creative Spam Thinks Outside the Macro with .IQY Attachments"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<p>The Necurs botnet is driving a fresh spam campaign that uses Excel Web Query (.IQY) file attachments to skim under the antivirus radar. If successful, the attack ultimately delivers the remote access trojan (RAT) known as FlawedAmmyy.<\/p>\n<p>This is the third wave in an offensive that started in late May. The emails, posing as internal company communications regarding an \u201cunpaid invoice,\u201d are part of one of the first prolific campaigns in the wild to use .IQY attachments, according to Barkly researchers.<\/p>\n<p>Unlike full Excel spreadsheets, which are usually inspected by AV engines when they come in as email attachments, the comparatively diminutive .IQY files aren\u2019t usually indexed by AV software. This is likely because they\u2019ve <a href=\"http:\/\/www.labofapenetrationtester.com\/2015\/08\/abusing-web-query-iqy-files.html\" target=\"_blank\" rel=\"noopener\">never really been weaponized<\/a> in the past, plus, they\u2019re lightweight affairs from a size perspective, being simple, plaintext files.<\/p>\n<p>As a result, this week\u2019s campaign has had remarkably low detections, according to <a href=\"https:\/\/www.virustotal.com\/en\/file\/ca0da220f7691059b3174b2de14bd41ddb96bf3f02a2824b2b8c103215c7403c\/analysis\/\" target=\"_blank\" rel=\"noopener\">VirusTotal<\/a>.<\/p>\n<p>Researcher Derek Knight (@dvk01uk), who spotted the first campaign, <a href=\"https:\/\/myonlinesecurity.co.uk\/necurs-delivering-flawed-ammy-rat-via-iqy-excel-web-query-files\/\" target=\"_blank\" rel=\"noopener\">pointed out<\/a> that \u201cThese blow past all antiviruses because they have no malicious content.\u201d<\/p>\n<p>However, .IQY files are deceptive, because they act as downloaders. \u201cThey\u2019re extremely simple (just a few lines of text), but also powerful,\u201d said Barkly researchers, in <a href=\"https:\/\/blog.barkly.com\/iqy-file-attack-malware-flawedammyy\" target=\"_blank\" rel=\"noopener\">an analysis<\/a> this week. \u201cThe .IQY files used in these campaigns download a PowerShell script, which is launched via Excel and kicks off a chain of malicious downloads.\u201d<\/p>\n<p>When opened, the .IQY file launches via Excel (its default program) and attempts to pull data from the URL included inside. In the case of the Necurs spam, that data happens to be a malicious PowerShell script.<\/p>\n<p>Barkly researchers added, \u201cThe ability of these files to open Excel and (if users choose to ignore warnings) download any data from the internet makes them extremely dangerous.\u201d<\/p>\n<p><strong>The Payload and the Botnet<\/strong><\/p>\n<p>Built from leaked source code of the popular remote desktop software Ammyy Admin, FlawedAmmyy first drew attention to itself in March. Proofpoint researchers <a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/leaked-source-code-ammyy-admin-turned-flawedammyy-rat\" target=\"_blank\" rel=\"noopener\">discovered<\/a> at the time that the previously undocumented RAT had actually been used since the beginning of 2016.<\/p>\n<p>It\u2019s been used in two types of campaigns: highly targeted email attacks against the automotive industry, among others; and massive, multi-million message campaigns that Proofpoint researchers said appear to be associated with threat actor TA505, which has been active for the last four years.<\/p>\n<p>FlawedAmmy offers the same bells and whistles as the legitimate version: complete access to victim machines. That allows them to steal files and credentials, hijack computers to send out more spam emails, and more.<\/p>\n<p>Meanwhile, the choice of Necurs as a delivery mechanism makes for a wide attack surface. Over the past five years it has become the Scarface of spam, working its way up from nothing to sit atop a massive criminal enterprise.<\/p>\n<p>Cisco Talos <a href=\"https:\/\/blog.talosintelligence.com\/2018\/01\/the-many-tentacles-of-necurs-botnet.html\" target=\"_blank\" rel=\"noopener\">analysis<\/a> shows it to be the world\u2019s largest spambot, accounting for more than 90 percent of the daily spam seen by the firm. Its evaluation of Necurs traffic between August and November of last year detected more than 2.1 million spam messages, sent from almost 1.2 million distinct sending IP addresses, in over 200 countries and territories.<\/p>\n<p><strong>Mitigation<\/strong><\/p>\n<p>Barkly pointed out that as long as Microsoft Office is configured to block external content (which is the default), when Excel launches users will be presented with a warning prompt, and users must actively choose to enable the macros:<\/p>\n<p><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/06\/08160229\/IQY-alert.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-132696\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/06\/08160229\/IQY-alert-300x160.png\" alt=\"\" width=\"300\" height=\"160\"\/><\/a><\/p>\n<p>Even if a user clicks \u201cyes,\u201d another prompt shows up:<\/p>\n<p><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/06\/08160254\/IQY-alert-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-132697\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/06\/08160254\/IQY-alert-2-300x47.png\" alt=\"\" width=\"300\" height=\"47\"\/><\/a><\/p>\n<p>For IT admins that don\u2019t want to leave protection to user awareness, Barkly suggests adjusting the firewall settings and email filtering to block .IQY files altogether unless they\u2019re actively used in the business.<\/p>\n<p>It\u2019s also possible to instruct Windows to always open .IQY files in Notepad so they can be inspected by IT before they launch.<\/p>\n<p>It\u2019s wise to have a plan, given that these specific campaigns are likely not the end of criminals using .IQY files.<\/p>\n<p>\u201cThe ease in which .IQY files can be created, combined with the ubiquity of Excel, could even put .IQY files roughly on par with macros in terms of potential for abuse,\u201d Barkly researchers said. \u201cThe fact that they are being utilized in multiple Necurs campaigns means the genie is completely out of the bottle and more widespread abuse is likely on the way.\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/threatpost.com\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/132695\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ability of these simple files to open Excel and download any data from the internet makes them extremely dangerous. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":2541,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[1136,1137,1138,1139,1140,1141,356,254],"class_list":["post-2540","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-antivirus-detection","tag-evasion","tag-excel","tag-flawedammyy","tag-iqy-attachments","tag-necurs","tag-spam","tag-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Creative Spam Thinks Outside the Macro with .IQY Attachments 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Creative Spam Thinks Outside the Macro with .IQY Attachments 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-08T20:31:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"160\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Creative Spam Thinks Outside the Macro with .IQY Attachments\",\"datePublished\":\"2018-06-08T20:31:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/\"},\"wordCount\":722,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png\",\"keywords\":[\"antivirus detection\",\"evasion\",\"Excel\",\"flawedammyy\",\"iqy attachments\",\"Necurs\",\"spam\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/\",\"name\":\"Creative Spam Thinks Outside the Macro with .IQY Attachments 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png\",\"datePublished\":\"2018-06-08T20:31:49+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png\",\"width\":300,\"height\":160},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"antivirus detection\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/antivirus-detection\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Creative Spam Thinks Outside the Macro with .IQY Attachments\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Creative Spam Thinks Outside the Macro with .IQY Attachments 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/","og_locale":"en_US","og_type":"article","og_title":"Creative Spam Thinks Outside the Macro with .IQY Attachments 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-06-08T20:31:49+00:00","og_image":[{"width":300,"height":160,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Creative Spam Thinks Outside the Macro with .IQY Attachments","datePublished":"2018-06-08T20:31:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/"},"wordCount":722,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png","keywords":["antivirus detection","evasion","Excel","flawedammyy","iqy attachments","Necurs","spam"],"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/","url":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/","name":"Creative Spam Thinks Outside the Macro with .IQY Attachments 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png","datePublished":"2018-06-08T20:31:49+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/creative-spam-thinks-outside-the-macro-with-iqy-attachments.png","width":300,"height":160},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/creative-spam-thinks-outside-the-macro-with-iqy-attachments\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"antivirus detection","item":"https:\/\/www.threatshub.org\/blog\/tag\/antivirus-detection\/"},{"@type":"ListItem","position":3,"name":"Creative Spam Thinks Outside the Macro with .IQY Attachments"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/2540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=2540"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/2540\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/2541"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=2540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=2540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=2540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}