Cybercrime, Dridex global campaign via xlsm and Cutwail
Technical analysis by the Malware Hunter JAMESWT
Dridex global campaign via xlsm and Cutwail. A fake xlsm invoice, distributed by the botnet, contacts a random link from an internal list and downloads the DLL which starts the malware infection
Dridex uses a fake xlsm invoice to spread itself in a global malspam campaign.
The file, if opened, contacts a random link from an internal list and downloads the DLL, which starts the malware infection chain.
Furthermore, as cybersecurity researcher moto_sato discovered, the malicious documents are distributed by the Cutwail botnet. Dridex is a very dangerous banking Trojan used by cybercriminals, which has long been the protagonist of campaigns all over the world, especially with a courier theme. The targets are mainly companies, but not only.