{"version":"1.0","provider_name":"Infoblox Blog","provider_url":"https:\/\/www.infoblox.com\/blog","author_name":"Infoblox Threat Intel","author_url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/","title":"Zloader Campaign Uses Excel 4.0 Macros","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"uPBUfL7PLw\"><a href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/zloader-campaign-uses-excel-4-0-macros\/\">Zloader Campaign Uses Excel 4.0 Macros<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/zloader-campaign-uses-excel-4-0-macros\/embed\/#?secret=uPBUfL7PLw\" width=\"600\" height=\"338\" title=\"&#8220;Zloader Campaign Uses Excel 4.0 Macros&#8221; &#8212; Infoblox Blog\" data-secret=\"uPBUfL7PLw\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.infoblox.com\/blog\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","thumbnail_url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-higher-ed-optimize-automate-cybersecurity.jpg","thumbnail_width":383,"thumbnail_height":254,"description":"In mid-April, we observed a malicious spam (malspam) campaign using Microsoft Excel documents to deliver Zloader malware via Excel 4.0 macros, also known as XLM macros. Excel 4.0 macros are the precursor to VBA macros and contain similar functionality. Threat actors use Excel 4.0 macros due to their:"}