The Elastic Security Intelligence & Analytics Team conducted a detailed investigation into the FORMBOOK information-stealing campaign, emphasizing its use of the MSHTML exploit chain and its evolution into a broader phishing campaign. The research highlighted how quickly proof-of-concept code was released after the vulnerabilities were identified, underlining the need for proactive threat hunting and patch management. The FORMBOOK campaign was notable in that its testing and production phases were linked through shared infrastructure; it shifted to traditional phishing as patches reduced the MSHTML exploit's effectiveness. Elastic's analysis provides comprehensive insight into the campaign's phases and indicators of compromise, helping organizations detect and defend against such threats. Further research is ongoing as more about FORMBOOK's impact is uncovered, with Elastic offering resources to bolster cybersecurity defenses.