At InQuest Labs, multiple high-volume data streams are ingested daily. We take every password-protected document and attempt to crack it, first with a dictionary list and then by brute force.
Over the last few weeks, InQuest Labs' telemetry has identified multiple Dridex campaigns utilizing password-protected Excel documents. Because these documents are encrypted, traditional AV products have not achieved adequate detection. The cracked passwords are then added to the on-product dictionary list of known maldoc passwords.
Recent Dridex samples on InQuest Labs!
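
One way to pick the password-protected documents out of an ingest stream before the dictionary stage, as an added example that is not InQuest's code: it parses the OLE/CFB directory and flags the `EncryptionInfo` and `EncryptedPackage` streams that an encrypted OOXML workbook (.xlsx/.xlsm) carries. The function names, routing labels and sample bytes are constructed for illustration; legacy .xls encryption is not covered and lands in `other-ole`.

```python
import struct

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entry_names(data):
    """Directory entry names of an OLE/CFB file (FAT sectors listed in the header only)."""
    if len(data) < 512 or data[:8] != CFB_MAGIC or data[30:32] not in (b"\x09\x00", b"\x0c\x00"):
        return []
    size = 1 << data[30]  # sector size: 512 (v3) or 4096 (v4)
    n_fat, dir_start = struct.unpack_from("<II", data, 44)
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]
    fat = []
    for sid in struct.unpack_from("<109I", data, 76)[:n_fat]:
        raw = sector(sid)
        if len(raw) == size:  # skip truncated or out-of-range FAT sectors
            fat.extend(struct.unpack(f"<{size // 4}I", raw))
    names, sid, seen = [], dir_start, set()
    while sid < len(fat) and sid not in seen:  # ends at ENDOFCHAIN or on a chain loop
        seen.add(sid)
        chunk = sector(sid)
        for off in range(0, len(chunk) - 127, 128):  # 128-byte directory entries
            nlen, otype = struct.unpack_from("<HB", chunk, off + 64)
            if otype and 2 <= nlen <= 64:  # otype 0 marks an unused entry
                names.append(chunk[off:off + nlen - 2].decode("utf-16-le", "replace"))
        sid = fat[sid]
    return names

def classify(data):
    """Illustrative routing label; only 'encrypted-ooxml' goes to the password stage."""
    names = set(cfb_entry_names(data))
    if {"EncryptionInfo", "EncryptedPackage"} <= names:
        return "encrypted-ooxml"
    if data[:4] == b"PK\x03\x04":
        return "zip"  # unencrypted OOXML is a plain ZIP archive
    return "other-ole" if names else "unknown"

def build_sample(names):
    """Constructed input: minimal v3 CFB (header, one FAT sector, one directory sector)."""
    hdr = CFB_MAGIC + bytes(16) + struct.pack("<5H", 0x3E, 3, 0xFFFE, 9, 6) + bytes(6)
    hdr += struct.pack("<9I109I", 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0, 0, *[FREESECT] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *[FREESECT] * 126)
    ents = b""
    for i, name in enumerate(["Root Entry"] + names):  # at most 3 names fit one sector
        raw = (name + "\0").encode("utf-16-le")
        ents += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), 5 if i == 0 else 2) + bytes(61)
    return hdr + fat + ents.ljust(512, b"\0")

if __name__ == "__main__":
    print([classify(build_sample(n)) for n in (["EncryptionInfo", "EncryptedPackage"], ["Workbook"])])
```

Matching on parsed directory entries rather than on raw byte patterns avoids false hits from the same strings appearing inside stream content.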