Trellix Insights: Specially Crafted Excel Document Being Used to Spread Dridex Variant
Technical Articles ID:
KB95155
Last Modified: 2022-09-07 05:51:13 Etc/GMT
Last Modified: 2022-09-07 05:51:13 Etc/GMT
Loading...
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
Trellix Insights: Specially Crafted Excel Document Being Used to Spread Dridex Variant
Technical Articles ID:
KB95155
Last Modified: 2022-09-07 05:51:13 Etc/GMT Environment
IMPORTANT: This Knowledge Base article discusses a specific threat that is being automatically tracked by Trellix Insights technology. The content is intended for use by Trellix Insights users, but is provided for general knowledge to all customers. Contact us for more information about Trellix Insights.
SummaryA phishing campaign delivering an Excel document has been identified delivering a modified version of the Dridex information stealer malware. The recipient is made to believe that the Excel document is regarding "Import Tariffs" and is instructed to enable macros. If successful, the document runs the code contained in the document, which initiates communication with the adversary's C2 server to obtain the Dridex malware, set persistence, as well as receive additional modules and exfiltrate collected data. Our Threat Research team gathers and analyzes information from multiple open and closed sources before disseminating intelligence reports. This campaign was researched by Fortinet and shared publicly. How to use this article:
Campaign IOC
Minimum Content Versions
Detection Summary
Affected Products |
|
Question?