In December 2018, the 360 ​​Threat Intelligence Center captured multiple samples of attacks against banking institutions using Excel 4.0 macros. The phishing document is an Office Excel document carrying a malicious Excel 4.0 macro and is used to download and execute the final backdoor program. The use of Excel 4.0 macros is conducive to avoiding the detection of security software. We have done relevant detailed research on this, the relevant report can refer to: https://ti.360.net/blog/articles/excel-macro-technology-to- Evade-detection .

https://ti.360.net/blog/articles/excel-4.0-macro-utilized-by-ta505-to-target-financial-institutions-recently/