For hackers that want to target a specific group, or just unsuspecting users, they can pay for a malicious actor to set up a Simple Mail Transfer Protocol (SMTP) server, scam webpage or provide high quality mailing lists. Each of these things can cost anywhere from $15 to $40. Another popular offering that pairs well with a phishing attack toolkit is “weaponized documents”, these malicious files look like a regular Microsoft Office documents such as Word, XLS, PPT, etc. that exploit inherent vulnerabilities in MS Office package to download malware on the end-user’s systems. The downloaded malware can be ransomware, remote access toolkit (RAT), etc. depending on the choice and requirement of the crimeware seller. Today, Office exploits (PPT, WORD, XLS), known CVE or Nth Day (not 0days) can cost around $2,000 to $5,000.