On January 9, 2019, the 360 ​​Threat Intelligence Center captured a number of bait documents designed specifically for Arabic users. The phishing document is an Office Excel document carrying a malicious macro. The malicious macro code will eventually release a backdoor program written in C#, which uses complex DNS tunneling technology to communicate with C2 and execute instructions, and implements the file through the GoogleDrive API. Upload Download.

https://ti.360.net/blog/articles/latest-target-attack-of-darkhydruns-group-against-middle-east/