MVISION Insights: Specially Crafted Excel Document Being Used to Spread Dridex Variant
Technical Articles ID:
KB95155
Last Modified: 1/13/2022
Environment
IMPORTANT: This Knowledge Base article discusses a specific threat that is being automatically tracked by MVISION Insights technology. The content is intended for use by MVISION Insights users, but is provided for general knowledge to all customers. Contact us for more information about MVISION Insights.
Summary
A phishing campaign has been identified that uses an Excel document to deliver a modified version of the Dridex information stealer malware. The recipient is led to believe the Excel document concerns "Import Tariffs" and is instructed to enable macros. If successful, the document runs code it contains, which initiates communication with the adversary's C2 server to obtain the Dridex malware, set persistence, receive additional modules, and exfiltrate collected data.
The McAfee Enterprise ATR Team gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports. This campaign was researched by Fortinet and shared publicly here.
How to use this article:
This Knowledge Base article discusses a specific threat that is being tracked. The list of IOCs will change over time; check MVISION Insights for the latest IOCs.
Campaign IOC
Minimum Content Versions:
Detection Summary
Affected Products