From gbhackers.com
DarkHydruns APT Group targets government entities in the middle eats with weaponized excel documents that delivers a new variant of RogueRobin trojan and can establish communication with C2 server through DNS tunnel and Google Drive API.
The campaign uses a weaponized Excel document with macro enabled(xlsm) to deliver the malware, once the user open the document and after clicking “Enable Content” the macro executes immediately.