S!Ri#Dridex http://vxvault.net/ViriList.php?MD5=1EA07053F68A1B64F30BE95526860B95 It uses the same tricks as the last year big locky campaign (.wsf script via spam, PE is xored)
High-Volume Dridex Campaigns Return, First to Hit Millions Since June 2016 https://www.proofpoint.com/us/threat-insight/post/high-volume-dridex-campaigns-return
k1LL_sw17ch@siri_urz Looks like mainly in Europe... Wondering when it will migrate to the US. Been on the look out for it since it's re-emergence.