In November 2018 we followed up on a tweet mentioning a potential malicious code disseminated in CHM (Microsoft Compiled HTML Help). A preliminary analysis caught the attention of our Threat Analysis and Intelligence team as it yielded interesting data that, among other things, shows that the attack campaign was targeting employees from financial entities, specifically …