On June 30th, Dridex Excel documents were observed downloading Cobalt Strike packed with the CryptOne packer – skipping the typical in-between step of downloading Dridex.

Filename: attachment_filenameUTF-8WO202825876.xlsb
MD5: 56d9a0db8defe0857dd4bb7c9af97ee2
SHA1: abf0d796220d5e8ba7a5cc3f5ed2421411a5fb56
SHA256: a0747e6e54af1fde0586add639282d26b5e22a0bb4e4cca5d362c6eb6f6f3ed4

Excel...
Skip the Middleman: Dridex Document to Cobalt Strike