Malware distributors create Word and Excel documents that contain text and images stating that there is an issue displaying the document. It then prompts recipients to click ‘Enable Content’ or ‘Enable Editing’ to see the contents correctly. The combination of text and. images in these malicious. attachments are called ‘document templates’ These are used to trick users into downloading the malicious. Bazar loader/BazarBackdoor is an enterprise-targeting malware developed by the same group behind the TrickBot trojan. Dridex is an advanced and modular banking Trojan first spotted in 2014.
Source: https://www.bleepingcomputer.com/news/security/the-most-common-malicious-email-attachments-infecting-windows/