Two campaigns spotted leverage COVID-19 related lures to target employees. The first email spotted claims that an Excel attachment contains guidelines for preventing a Coronavirus outbreak. It leverages TTPs similar to an ongoing malspam campaign that uses these Excel documents to infect systems with Zloader. Zloader then downloads the Zeus banking Trojan onto the victim system as the final payload. The second email analyzed in the blog post uses a shipping-theme, claiming shipment delays because of Coronavirus. A link is provided to see more details; however, visiting this link leads to the download of an IMG file. This IMG file, in turn, infects the victim host with the Nanocore RAT, providing remote access to the attacker.