Last month, 360 Threat Intelligence Center captured multiple phishing emails sent by TA505 Group to target financial institutions. These phishing emails contain Excel attachments with Excel 4.0 Macro embedded and download Backdoor at last. This approach could bypass antivirus detections and we have published another report to explain it in detail: https://ti.360.net/blog/articles/excel-macro-technology-to-evade-detection.

https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently-en/