Contact Sales Get Support

Defend the Enterprise

Defend the Enterprise

Threat Prevention

Breach Detection

Threat Hunting

Data Loss Discovery

Whether it's inspecting data at-rest, in-motion or in-use, the InQuest platform provides complete network visibility and a file-centric view of your data through a variety of on-premises deployment scenarios utilizing a series of turnkey appliances.

Blog Newsletter White Papers InQuest Labs Support
Leverage the Cloud

Leverage the Cloud

Public/Private Cloud

SaaS

InQuest's Cloud deployment offerings mirror the capabilities of our on-premises counterparts and provide a cost-effective way for organizations to streamline their security services at scale and on demand.

Blog Newsletter White Papers InQuest Labs Support
Empower Your Operations

Empower Your Operations

Deep File Inspection

RetroHunt

Threat Intelligence

Intelligent Orchestration

From Deep File Inspection and RetroHunt to Threat Intelligence and Intelligent Orchestration we provide a wide range of services to empower your operations.

Blog Newsletter White Papers InQuest Labs Support
More

More

Company

Why InQuest?

Leadership

Press Releases

Events

Partners

Products and Services

Products

Services

Resources

Blog

InQuest Labs

Flash Alerts

Downloads

Newsletter

Use Cases

White Papers

Support

Global Priority Level Definitions and Target Initial Response Times

Blog Newsletter White Papers InQuest Labs Support

IQ-FA002: Dridex XLSM Documents using 4.0 Macrosheets

Dridex XLSM Documents using 4.0 Macrosheets and bypassing vendors today.

The XLSM 4.0 Macrosheets technique can be further reviewed from our blog post from last week:: ZLoader 4.0 Macrosheets Evolution

Indicators

Date Observed	Indicator Type	Indicator	Notes
5/11/2020	XLSM Document	ba6d52ced38594fd44ba6beb0bd50e5d83319b7a435958ed4c7dc33770561abd	Dridex,4.0 Macrosheets
5/11/2020	Domain	geundik.com	A record 8.208.3.5
5/11/2020	Registrant	Robin Crume bre@thegroomingnetwork.com	No other domain names associated (yet)
5/11/2020	IP	8.208.3.5	AS45102 CN CNNIC-ALIBABA-US-NET
5/11/2020	Binary	4fae283ae2323e49f1a95871e773e3a2bfe54dc151cd7c11cbe41a36fd83bb14	One of many Binaries from this run

Tags

All Flash Alerts