A new malware downloader delivered via multiple campaigns uses detection evasion techniques and Microsoft SQL queries to drop malicious payloads onto compromised machines. The malware, dubbed WhiteShadow by researchers at Proofpoint Threat Insight Team, comes in the form of a set of Microsoft Office macros designed to work together to infect targets with a large array of malware strains. WhiteShadow is delivered via malspam emails containing malicious URLs or Microsoft Word and Microsoft Excel attachments that bundle malicious the downloader’s. macros will install the malware payloads after execution.
Source: https://www.bleepingcomputer.com/news/security/new-whiteshadow-downloader-uses-mssql-servers-for-malware-delivery/