DanDrop

Description

(SecureWorks) The threat actors use this malicious macro to extract the DanBot payload from the weaponized document and then Base64-decode and install the malware using a scheduled task. The basic form and function of the macro have remained constant across analyzed samples, but the threat actors have made incremental improvements to obfuscate the macro and refactor some of the functionality.

Names

Name
DanDrop

Category

Malware

Type

  • Dropper

Information

Other Information

UUID

580fa928-850c-4a8e-9b58-406a68f57e13

Last Card Change

2020-04-20