Technical analysis by the Malware Hunter JAMESWT
The Dridex campaign via Freightquote is back. The XLSM attachment in the email contacts a link picked at random from its internal list and downloads a DLL, which starts the malware infection chain.
The global, invoice-themed Dridex campaign that impersonates Freightquote is back. The lure is always a fake message from the courier.
The XLSM attachment in the email, if opened, contacts a link picked at random from its internal list and downloads a DLL, which starts the malware infection chain. Dridex is a very dangerous banking Trojan used by cybercriminals, and it has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly, but not exclusively, companies.