Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware. Researchers observed emails from the cybercriminal gang utilizing HTML redirectors. When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload. The final payload is the GraceWire trojan, an infostealer. The group is best-known for deploying the banking trojan Dridex (also known as Bugat and Cridex), sent via emails.
Source: https://threatpost.com/evil-corp-returns-with-new-malware-infection-tactic/152430/