The specific Excel document used in the recent wave of attacks relies on XLM macros to download and execute its payload.
The latest update also brought a major change to its first-stage loading mechanism.

By admin