Threat researcher Brad Duncan came across an example that kicks off with an Excel file exploiting CVE-2017-11882 to use what seems like ModiLoader (also known as DBatLoader).

 

Click here to read the full article.