At the beginning of February 2018, FortiGuard Labs collected an email. The email message contains an order tracking number with a fake hyperlink that downloads a jar malware. After a quick analysis, I was able to determine that it is the jRAT/Adwind malware.
Article Link: https://blog.fortinet.com/2018/02/16/new-jrat-adwind-variant-being-spread-by-ups-scam5a861017942e7