CVE-2019-0820, CVE-2020-15522 and CVE-2021-43569 can be exploited by a remote, unauthenticated attacker over the Internet. Update the systems!
Technical analysis by the Malware Hunter JAMESWT
Dridex global campaign via xlsm and Cutwail. False xlsm invoice, distributed by the botnet, contacts a random link from an internal list and downloads the DLL that starts the malware infection.
Dridex uses a fake xlsm invoice to spread itself in a global malspam campaign.
If the file is opened, it contacts a random link from an internal list and downloads the DLL that starts the malware infection chain.
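As an added example (not part of the original analysis and not JAMESWT's code), the script below performs the kind of offline triage a defender would run on a document like the one described: it unpacks an xlsm archive, records whether it carries a macro container (xl/vbaProject.bin), extracts any embedded HTTP(S) links and flags those that point at a DLL or other executable. The sample document, its structure and its URLs are constructed placeholders built inside the script; they are not indicators from the campaign.

```python
import io
import re
import zipfile

# Matches http/https URLs in raw bytes (stops at quotes, whitespace, NUL).
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")
# Extensions that indicate a downloaded payload rather than a document link.
PAYLOAD_EXT = (".dll", ".exe", ".scr", ".ps1")
# Namespace hosts that legitimately appear inside any Office Open XML file.
KNOWN_SCHEMA_HOSTS = ("schemas.openxmlformats.org", "schemas.microsoft.com", "www.w3.org")


def build_sample(include_macros: bool) -> bytes:
    """Constructed xlsm-like archive for this example (not a real sample).

    With include_macros=True it carries a vbaProject.bin blob holding a short
    list of placeholder download links, mirroring the 'internal list' behaviour.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        )
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if include_macros:
            zf.writestr(
                "xl/vbaProject.bin",
                b"\x00\x01Attribute VB_Name\x00"
                b"http://example.invalid/a/inv.dll\x00"      # placeholder link 1
                b"http://example.invalid/b/inv.dll\x00"      # placeholder link 2
                b"https://example.invalid/c/inv.dll\x00",    # placeholder link 3
            )
    return buf.getvalue()


def triage_xlsm(data: bytes) -> dict:
    """Return macro presence, all non-schema URLs and the subset that look like payloads."""
    result = {"has_macros": False, "urls": [], "payload_urls": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.lower().endswith("vbaproject.bin"):
                result["has_macros"] = True
            for raw in URL_RE.findall(zf.read(name)):
                url = raw.decode("ascii", "replace")
                host = url.split("/")[2]
                if any(host.endswith(h) for h in KNOWN_SCHEMA_HOSTS):
                    continue  # normal OOXML namespace reference, not a download link
                if url in result["urls"]:
                    continue
                result["urls"].append(url)
                if url.lower().endswith(PAYLOAD_EXT):
                    result["payload_urls"].append(url)
    return result


def is_suspicious(report: dict) -> bool:
    """A macro-enabled workbook that embeds links to executables warrants analysis."""
    return report["has_macros"] and bool(report["payload_urls"])


if __name__ == "__main__":
    for macros in (True, False):
        report = triage_xlsm(build_sample(macros))
        print(f"macros={report['has_macros']} payload_urls={report['payload_urls']} "
              f"suspicious={is_suspicious(report)}")
```

The check deliberately ignores the namespace URLs every Office document contains, so a clean workbook produces an empty link list; a real triage pipeline would feed the flagged links to a sandbox or blocklist rather than fetch them.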
Furthermore, as cybersecurity researcher moto_sato discovered, the malicious documents are distributed by the Cutwail botnet. Dridex is a very dangerous banking Trojan used by cybercriminals; it has long featured in campaigns all over the world, especially ones with a courier theme. Its targets are mainly companies, though not exclusively.