DocuSign Themed Malspam Pushing TrickBot Gtag rob13
released on 2021-02-18 @ 07:13:52 PM
TrickBot malware has been a relatively constant presence in the cyber threat landscape so far this year. Activity continued this week, and this SANS Handler's diary reviews a DocuSign-themed malspam infection generated by security researcher Brad Duncan on Wednesday 2021-02-17.
The infection chain of events proceeds as follows: DocuSign-themed malicious spam (malspam) --> attachment (Excel spreadsheet) --> enable macros --> URL for TrickBot DLL --> post-infection activity.