Dridex XLSM Documents using 4.0 Macrosheets and bypassing vendors today.
The XLSM 4.0 Macrosheets technique can be further reviewed from our blog post from last week:: ZLoader 4.0 Macrosheets Evolution
Indicators
| Date Observed | Indicator Type | Indicator | Notes |
|---|---|---|---|
| 5/11/2020 | XLSM Document | ba6d52ced38594fd44ba6beb0bd50e5d83319b7a435958ed4c7dc33770561abd | Dridex,4.0 Macrosheets |
| 5/11/2020 | Domain | geundik.com | A record 8.208.3.5 |
| 5/11/2020 | Registrant | Robin Crume bre@thegroomingnetwork.com | No other domain names associated (yet) |
| 5/11/2020 | IP | 8.208.3.5 | AS45102 CN CNNIC-ALIBABA-US-NET |
| 5/11/2020 | Binary | 4fae283ae2323e49f1a95871e773e3a2bfe54dc151cd7c11cbe41a36fd83bb14 | One of many Binaries from this run |
