DarkHydrus Hacking Group Uses Macro-Enabled Excel Document that Delivers RogueRobin Malware

From gbhackers.com


DarkHydruns APT Group targets government entities in the middle eats with weaponized excel documents that delivers a new variant of RogueRobin trojan and can establish communication with C2 server through DNS tunnel and Google Drive API.

The campaign uses a weaponized Excel document with macro enabled(xlsm) to deliver the malware, once the user open the document and after clicking “Enable Content” the macro executes immediately.

Read more…