INDRIK SPIDER is a sophisticated eCrime group that has operated Dridex since June 2014. In 2015 and 2016 Dridex was one of the most prolific eCrime banking trojans on the market, and the operation is thought to have netted INDRIK SPIDER millions of dollars in criminal profits since 2014. Over its years of operation Dridex has received multiple updates, with new modules developed and new anti-analysis features added to the malware.
In August 2017, a new ransomware variant identified as BitPaymer was reported to have ransomed the U.K.'s National Health Service (NHS), with a high ransom demand of 53 BTC (approximately $200,000 USD at the time). The targeting of an organization rather than individuals, and the high ransom demand, made BitPaymer stand out from other contemporary ransomware. Though BitPaymer's encryption and ransom functionality was not technically sophisticated, the malware contained multiple anti-analysis features that overlapped with Dridex. Later technical analysis indicated that BitPaymer had been developed by INDRIK SPIDER, suggesting the group had expanded its criminal operation to include ransomware as a monetization strategy.
2023-03-06 ⋅ Landeskriminalamt NRW ⋅ Landeskriminalamt NRW @online{nrw:20230306:schlag:5e5d84b,
author = {Landeskriminalamt NRW},
title = {{Schlag gegen international agierendes Netzwerk von Cyber-Kriminellen}},
date = {2023-03-06},
organization = {Landeskriminalamt NRW},
url = {https://lka.polizei.nrw/presse/schlag-gegen-international-agierendes-netzwerk-von-cyber-kriminellen},
language = {German},
urldate = {2023-03-23}
}
Schlag gegen international agierendes Netzwerk von Cyber-Kriminellen (Strike against an internationally operating network of cyber-criminals) DoppelPaymer Entropy FriedEx |
2023-02-27 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT @techreport{prodaft:20230227:rig:72076aa,
author = {PRODAFT},
title = {{RIG Exploit Kit: In-Depth Analysis}},
date = {2023-02-27},
institution = {PRODAFT Threat Intelligence},
url = {https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf},
language = {English},
urldate = {2023-05-08}
}
RIG Exploit Kit: In-Depth Analysis Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader |
2022-10-31 ⋅ Palo Alto Networks Unit 42 ⋅ Or Chechik @online{chechik:20221031:banking:c421ac8,
author = {Or Chechik},
title = {{Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure}},
date = {2022-10-31},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/banking-trojan-techniques/},
language = {English},
urldate = {2022-10-31}
}
Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure Dridex Kronos TrickBot Zeus |
2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Malware Labs @techreport{labs:20221013:spamhaus:43e3190,
author = {Spamhaus Malware Labs},
title = {{Spamhaus Botnet Threat Update Q3 2022}},
date = {2022-10-13},
institution = {Spamhaus},
url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2022%20Q3%20Botnet%20Threat%20Update.pdf},
language = {English},
urldate = {2022-12-29}
}
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
2022-09-01 ⋅ IBM ⋅ Kevin Henson, Emmy Ebanks @online{henson:20220901:raspberry:b5b5946,
author = {Kevin Henson and Emmy Ebanks},
title = {{Raspberry Robin and Dridex: Two Birds of a Feather}},
date = {2022-09-01},
organization = {IBM},
url = {https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/},
language = {English},
urldate = {2022-09-06}
}
Raspberry Robin and Dridex: Two Birds of a Feather Dridex Raspberry Robin |
2022-08-24 ⋅ Github (rad9800) ⋅ Rad Kawar @techreport{kawar:20220824:malware:2eeaafb,
author = {Rad Kawar},
title = {{Malware Madness: EXCEPTION edition}},
date = {2022-08-24},
institution = {Github (rad9800)},
url = {https://github.com/rad9800/talks/blob/main/MALWARE_MADNESS.pdf},
language = {English},
urldate = {2022-08-28}
}
Malware Madness: EXCEPTION edition Dridex |
2022-07-09 ⋅ Artik Blue ⋅ Artik Blue @online{blue:20220709:malware:be9282b,
author = {Artik Blue},
title = {{Malware analysis with IDA/Radare2 - Basic Unpacking (Dridex first stage)}},
date = {2022-07-09},
organization = {Artik Blue},
url = {https://artik.blue/malware3},
language = {English},
urldate = {2022-07-15}
}
Malware analysis with IDA/Radare2 - Basic Unpacking (Dridex first stage) Dridex |
2022-06-13 ⋅ Jorge Testa ⋅ Jorge Testa @online{testa:20220613:killing:36e9385,
author = {Jorge Testa},
title = {{Killing The Bear - Evil Corp}},
date = {2022-06-13},
organization = {Jorge Testa},
url = {https://killingthebear.jorgetesta.tech/actors/evil-corp},
language = {English},
urldate = {2022-07-01}
}
Killing The Bear - Evil Corp FAKEUPDATES Babuk Blister DoppelPaymer Dridex Entropy FriedEx Hades Macaw Phoenix Locker WastedLoader WastedLocker |
2022-06-02 ⋅ Mandiant ⋅ Mandiant Intelligence @online{intelligence:20220602:to:e15831c,
author = {Mandiant Intelligence},
title = {{To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions}},
date = {2022-06-02},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions},
language = {English},
urldate = {2022-06-04}
}
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker |
2022-05-24 ⋅ Deep Instinct ⋅ Bar Block @online{block:20220524:blame:9f45829,
author = {Bar Block},
title = {{Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them}},
date = {2022-05-24},
organization = {Deep Instinct},
url = {https://www.deepinstinct.com/blog/types-of-dropper-malware-in-microsoft-office},
language = {English},
urldate = {2022-05-29}
}
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them Dridex Emotet |
2022-05-19 ⋅ Palo Alto Networks Unit 42 ⋅ Saqib Khanzada @online{khanzada:20220519:weaponization:969a179,
author = {Saqib Khanzada},
title = {{Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies}},
date = {2022-05-19},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/excel-add-ins-dridex-infection-chain},
language = {English},
urldate = {2022-05-23}
}
Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies Dridex |
2022-05-10 ⋅ RiskIQ ⋅ RiskIQ @online{riskiq:20220510:riskiq:0de1fcf,
author = {RiskIQ},
title = {{RiskIQ: Identifying Dridex C2 via SSL Certificate Patterns}},
date = {2022-05-10},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/e4fb7245},
language = {English},
urldate = {2022-05-17}
}
RiskIQ: Identifying Dridex C2 via SSL Certificate Patterns Dridex |
2022-04-27 ⋅ ANSSI ⋅ ANSSI @techreport{anssi:20220427:le:5d47343,
author = {ANSSI},
title = {{LE GROUPE CYBERCRIMINEL FIN7}},
date = {2022-04-27},
institution = {ANSSI},
url = {https://cert.ssi.gouv.fr/uploads/20220427_NP_TLPWHITE_ANSSI_FIN7.pdf},
language = {French},
urldate = {2022-05-05}
}
LE GROUPE CYBERCRIMINEL FIN7 (The FIN7 cybercriminal group) Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
2022-03-13 ⋅ Malcat ⋅ malcat team @online{team:20220313:cutting:f4878c8,
author = {malcat team},
title = {{Cutting corners against a Dridex downloader}},
date = {2022-03-13},
organization = {Malcat},
url = {https://malcat.fr/blog/cutting-corners-against-a-dridex-downloader/},
language = {English},
urldate = {2022-03-14}
}
Cutting corners against a Dridex downloader Dridex |
2022-03 ⋅ VirusTotal ⋅ VirusTotal @techreport{virustotal:202203:virustotals:c6af9c1,
author = {VirusTotal},
title = {{VirusTotal's 2021 Malware Trends Report}},
date = {2022-03},
institution = {VirusTotal},
url = {https://assets.virustotal.com/reports/2021trends.pdf},
language = {English},
urldate = {2022-04-13}
}
VirusTotal's 2021 Malware Trends Report Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT |
2022-02-23 ⋅ SophosLabs Uncut ⋅ Andrew Brandt @online{brandt:20220223:dridex:c1d4784,
author = {Andrew Brandt},
title = {{Dridex bots deliver Entropy ransomware in recent attacks}},
date = {2022-02-23},
organization = {SophosLabs Uncut},
url = {https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/},
language = {English},
urldate = {2022-03-01}
}
Dridex bots deliver Entropy ransomware in recent attacks Cobalt Strike Dridex Entropy |
2022-02-23 ⋅ Sentinel LABS ⋅ Antonio Pirozzi, Antonis Terefos, Idan Weizman @online{pirozzi:20220223:sanctions:aae1c98,
author = {Antonio Pirozzi and Antonis Terefos and Idan Weizman},
title = {{Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp}},
date = {2022-02-23},
organization = {Sentinel LABS},
url = {https://www.sentinelone.com/labs/sanctions-be-damned-from-dridex-to-macaw-the-evolution-of-evil-corp/},
language = {English},
urldate = {2022-02-26}
}
Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp Dridex WastedLocker |
2022-02-08 ⋅ Intel 471 ⋅ Intel 471 @online{471:20220208:privateloader:5e226cd,
author = {Intel 471},
title = {{PrivateLoader: The first step in many malware schemes}},
date = {2022-02-08},
organization = {Intel 471},
url = {https://intel471.com/blog/privateloader-malware},
language = {English},
urldate = {2022-05-09}
}
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
2022-02 ⋅ Sentinel LABS ⋅ Antonio Pirozzi, Antonis Terefos, Idan Weizman @techreport{pirozzi:202202:sanctions:2213742,
author = {Antonio Pirozzi and Antonis Terefos and Idan Weizman},
title = {{Sanctions be Damned | From Dridex To Macaw, The Evolution of Evil Corp}},
date = {2022-02},
institution = {Sentinel LABS},
url = {https://www.sentinelone.com/wp-content/uploads/2022/02/S1_-SentinelLabs_SanctionsBeDamned_final_02.pdf},
language = {English},
urldate = {2022-05-17}
}
Sanctions be Damned | From Dridex To Macaw, The Evolution of Evil Corp Dridex FriedEx Hades Phoenix Locker WastedLocker |
2022-01-18 ⋅ Recorded Future ⋅ Insikt Group® @techreport{group:20220118:2021:9cff6fc,
author = {Insikt Group®},
title = {{2021 Adversary Infrastructure Report}},
date = {2022-01-18},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0118.pdf},
language = {English},
urldate = {2022-01-24}
}
2021 Adversary Infrastructure Report BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot |
2022-01-14 ⋅ RiskIQ ⋅ Jordan Herman @online{herman:20220114:riskiq:f4f5b68,
author = {Jordan Herman},
title = {{RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers}},
date = {2022-01-14},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/2cd1c003},
language = {English},
urldate = {2022-01-18}
}
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers Dridex Emotet |
2022-01-11 ⋅ muha2xmad ⋅ Muhammad Hasan Ali @online{ali:20220111:unpacking:2fe091c,
author = {Muhammad Hasan Ali},
title = {{Unpacking Dridex malware}},
date = {2022-01-11},
organization = {muha2xmad},
url = {https://muha2xmad.github.io/unpacking/dridex/},
language = {English},
urldate = {2022-01-25}
}
Unpacking Dridex malware Dridex |
2022-01-09 ⋅ Atomic Matryoshka ⋅ z3r0day_504 @online{z3r0day504:20220109:malware:81e38aa,
author = {z3r0day_504},
title = {{Malware Headliners: Dridex}},
date = {2022-01-09},
organization = {Atomic Matryoshka},
url = {https://www.atomicmatryoshka.com/post/malware-headliners-dridex},
language = {English},
urldate = {2022-02-01}
}
Malware Headliners: Dridex Dridex |
2022-01-05 ⋅ ARMOR ⋅ Armor @online{armor:20220105:threat:178f0e9,
author = {Armor},
title = {{Threat Intelligence Report: The Evolution of Doppel Spider from BitPaymer to Grief Ransomware}},
date = {2022-01-05},
organization = {ARMOR},
url = {https://www.armor.com/resources/threat-intelligence/the-evolution-of-doppel-spider-from-bitpaymer-to-grief-ransomware/},
language = {English},
urldate = {2022-01-12}
}
Threat Intelligence Report: The Evolution of Doppel Spider from BitPaymer to Grief Ransomware DoppelPaymer FriedEx |
2021-12-23 ⋅ Symantec ⋅ Siddhesh Chandrayan @online{chandrayan:20211223:log4j:58ea562,
author = {Siddhesh Chandrayan},
title = {{Log4j Vulnerabilities: Attack Insights}},
date = {2021-12-23},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/log4j-vulnerabilities-attacks},
language = {English},
urldate = {2022-01-25}
}
Log4j Vulnerabilities: Attack Insights Tsunami Conti Dridex Khonsari Orcus RAT TellYouThePass |
2021-12-20 ⋅ InQuest ⋅ Nick Chalard @online{chalard:20211220:dont:0aad3db,
author = {Nick Chalard},
title = {{(Don't) Bring Dridex Home for the Holidays}},
date = {2021-12-20},
organization = {InQuest},
url = {https://inquest.net/blog/2021/12/20/dont-bring-dridex-home-holidays},
language = {English},
urldate = {2021-12-22}
}
(Don't) Bring Dridex Home for the Holidays DoppelDridex Dridex |
2021-11-21 ⋅ Cyber-Anubis ⋅ Nidal Fikri @online{fikri:20211121:dridex:b9218fa,
author = {Nidal Fikri},
title = {{Dridex Trojan | Defeating Anti-Analysis | Strings Decryption | C&C Extraction}},
date = {2021-11-21},
organization = {Cyber-Anubis},
url = {https://cyber-anubis.github.io/malware%20analysis/dridex/},
language = {English},
urldate = {2021-12-01}
}
Dridex Trojan | Defeating Anti-Analysis | Strings Decryption | C&C Extraction DoppelDridex Dridex |
2021-11-16 ⋅ Yoroi ⋅ Luigi Martire, Carmelo Ragusa, Luca Mella @online{martire:20211116:office:2dba65a,
author = {Luigi Martire and Carmelo Ragusa and Luca Mella},
title = {{Office Documents: May the XLL technique change the threat Landscape in 2022?}},
date = {2021-11-16},
organization = {Yoroi},
url = {https://yoroi.company/research/office-documents-may-the-xll-technique-change-the-threat-landscape-in-2022/},
language = {English},
urldate = {2021-11-17}
}
Office Documents: May the XLL technique change the threat Landscape in 2022? Agent Tesla Dridex Formbook |
2021-11-12 ⋅ Recorded Future ⋅ Insikt Group® @techreport{group:20211112:business:6d6cffa,
author = {Insikt Group®},
title = {{The Business of Fraud: Botnet Malware Dissemination}},
date = {2021-11-12},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2021-1112.pdf},
language = {English},
urldate = {2021-11-17}
}
The Business of Fraud: Botnet Malware Dissemination Mozi Dridex IcedID QakBot TrickBot |
2021-09-15 ⋅ Palo Alto Networks Unit 42 ⋅ Anna Chung, Swetha Balla @online{chung:20210915:phishing:15f054e,
author = {Anna Chung and Swetha Balla},
title = {{Phishing Eager Travelers}},
date = {2021-09-15},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/travel-themed-phishing/},
language = {English},
urldate = {2021-09-19}
}
Phishing Eager Travelers Dridex |
2021-09-03 ⋅ Trend Micro ⋅ Mohamad Mokbel @techreport{mokbel:20210903:state:df86499,
author = {Mohamad Mokbel},
title = {{The State of SSL/TLS Certificate Usage in Malware C&C Communications}},
date = {2021-09-03},
institution = {Trend Micro},
url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/i/ssl-tls-technical-brief/ssl-tls-technical-brief.pdf},
language = {English},
urldate = {2021-09-19}
}
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
2021-08-19 ⋅ BlackBerry ⋅ BlackBerry Research & Intelligence Team @online{team:20210819:blackberry:2eec433,
author = {BlackBerry Research & Intelligence Team},
title = {{BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware}},
date = {2021-08-19},
organization = {BlackBerry},
url = {https://blogs.blackberry.com/en/2021/08/blackberry-prevents-threat-actor-group-ta575-and-dridex-malware},
language = {English},
urldate = {2021-08-23}
}
BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware Cobalt Strike Dridex |
2021-08-15 ⋅ Symantec ⋅ Threat Hunter Team @techreport{team:20210815:ransomware:f799696,
author = {Threat Hunter Team},
title = {{The Ransomware Threat}},
date = {2021-08-15},
institution = {Symantec},
url = {https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf},
language = {English},
urldate = {2021-12-15}
}
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
2021-08-05 ⋅ KrebsOnSecurity ⋅ Brian Krebs @online{krebs:20210805:ransomware:0962b82,
author = {Brian Krebs},
title = {{Ransomware Gangs and the Name Game Distraction}},
date = {2021-08-05},
organization = {KrebsOnSecurity},
url = {https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/},
language = {English},
urldate = {2021-12-13}
}
Ransomware Gangs and the Name Game Distraction DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet |
2021-07-30 ⋅ HP ⋅ Patrick Schläpfer @online{schlpfer:20210730:detecting:2291323,
author = {Patrick Schläpfer},
title = {{Detecting TA551 domains}},
date = {2021-07-30},
organization = {HP},
url = {https://threatresearch.ext.hp.com/detecting-ta551-domains/},
language = {English},
urldate = {2021-08-02}
}
Detecting TA551 domains Valak Dridex IcedID ISFB QakBot |
2021-07-02 ⋅ MalwareBookReports ⋅ muzi @online{muzi:20210702:skip:09c3cd8,
author = {muzi},
title = {{Skip the Middleman: Dridex Document to Cobalt Strike}},
date = {2021-07-02},
organization = {MalwareBookReports},
url = {https://malwarebookreports.com/cryptone-cobalt-strike/},
language = {English},
urldate = {2021-07-06}
}
Skip the Middleman: Dridex Document to Cobalt Strike Cobalt Strike Dridex |
2021-06-22 ⋅ Twitter (@Cryptolaemus1) ⋅ Cryptolaemus, Kirk Sayre, dao ming si @online{cryptolaemus:20210622:ta575:895ac37,
author = {Cryptolaemus and Kirk Sayre and dao ming si},
title = {{Tweet on TA575, a Dridex affiliate delivering Cobalt Strike (packed with CryptOne) directly via the macro docs}},
date = {2021-06-22},
organization = {Twitter (@Cryptolaemus1)},
url = {https://twitter.com/Cryptolaemus1/status/1407135648528711680},
language = {English},
urldate = {2021-06-22}
}
Tweet on TA575, a Dridex affiliate delivering Cobalt Strike (packed with CryptOne) directly via the macro docs Cobalt Strike Dridex |
2021-06-08 ⋅ Intel 471 ⋅ Intel 471 @online{471:20210608:blurry:5b278e5,
author = {Intel 471},
title = {{The blurry boundaries between nation-state actors and the cybercrime underground}},
date = {2021-06-08},
organization = {Intel 471},
url = {https://www.intel471.com/blog/cybercrime-russia-china-iran-nation-state},
language = {English},
urldate = {2021-06-16}
}
The blurry boundaries between nation-state actors and the cybercrime underground Dridex Gameover P2P |
2021-06-06 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20210606:new:8c47cad,
author = {Lawrence Abrams},
title = {{New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions}},
date = {2021-06-06},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/},
language = {English},
urldate = {2021-06-16}
}
New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions Babuk FriedEx PayloadBIN WastedLocker |
2021-06-03 ⋅ YouTube (FIRST) ⋅ Felipe Domingues, Gustavo Palazolo @online{domingues:20210603:breaking:69967e5,
author = {Felipe Domingues and Gustavo Palazolo},
title = {{Breaking Dridex Malware}},
date = {2021-06-03},
organization = {YouTube (FIRST)},
url = {https://www.youtube.com/watch?v=1VB15_HgUkg},
language = {English},
urldate = {2021-06-16}
}
Breaking Dridex Malware Dridex |
2021-05-26 ⋅ DeepInstinct ⋅ Ron Ben Yizhak @online{yizhak:20210526:deep:c123a19,
author = {Ron Ben Yizhak},
title = {{A Deep Dive into Packing Software CryptOne}},
date = {2021-05-26},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/2021/05/26/deep-dive-packing-software-cryptone/},
language = {English},
urldate = {2021-06-22}
}
A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
2021-04-21 ⋅ SophosLabs Uncut ⋅ Sean Gallagher, Suriya Natarajan, Anand Aijan, Michael Wood, Sivagnanam Gn, Markel Picado, Andrew Brandt @online{gallagher:20210421:nearly:53964a7,
author = {Sean Gallagher and Suriya Natarajan and Anand Aijan and Michael Wood and Sivagnanam Gn and Markel Picado and Andrew Brandt},
title = {{Nearly half of malware now use TLS to conceal communications}},
date = {2021-04-21},
organization = {SophosLabs Uncut},
url = {https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/},
language = {English},
urldate = {2021-04-28}
}
Nearly half of malware now use TLS to conceal communications Agent Tesla Cobalt Strike Dridex SystemBC |
2021-04-15 ⋅ Proofpoint ⋅ Selena Larson @online{larson:20210415:threat:cdfef32,
author = {Selena Larson},
title = {{Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes}},
date = {2021-04-15},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/blog/security-briefs/threat-actors-pair-tax-themed-lures-covid-19-healthcare-themes},
language = {English},
urldate = {2021-08-23}
}
Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes Dridex TrickBot |
2021-04-15 ⋅ Twitter (@felixw3000) ⋅ Felix @online{felix:20210415:dridexs:a39e123,
author = {Felix},
title = {{Tweet on Dridex's evasion technique}},
date = {2021-04-15},
organization = {Twitter (@felixw3000)},
url = {https://twitter.com/felixw3000/status/1382614469713530883?s=20},
language = {English},
urldate = {2021-05-25}
}
Tweet on Dridex's evasion technique Dridex |
2021-04-12 ⋅ PTSecurity ⋅ PTSecurity @online{ptsecurity:20210412:paas:1d06836,
author = {PTSecurity},
title = {{PaaS, or how hackers evade antivirus software}},
date = {2021-04-12},
organization = {PTSecurity},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/paas-or-how-hackers-evade-antivirus-software/},
language = {English},
urldate = {2021-04-12}
}
PaaS, or how hackers evade antivirus software Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader |
2021-04-06 ⋅ Lexfo ⋅ Lexfo @online{lexfo:20210406:dridex:a3b6f4f,
author = {Lexfo},
title = {{Dridex Loader Analysis}},
date = {2021-04-06},
organization = {Lexfo},
url = {https://blog.lexfo.fr/dridex-malware.html},
language = {English},
urldate = {2021-04-09}
}
Dridex Loader Analysis Dridex |
2021-03-31 ⋅ Red Canary ⋅ Red Canary @techreport{canary:20210331:2021:cd81f2d,
author = {Red Canary},
title = {{2021 Threat Detection Report}},
date = {2021-03-31},
institution = {Red Canary},
url = {https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf},
language = {English},
urldate = {2021-04-06}
}
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
2021-03-29 ⋅ VMware Carbon Black ⋅ Jason Zhang, Oleg Boyarchuk, Giovanni Vigna @online{zhang:20210329:dridex:7692f65,
author = {Jason Zhang and Oleg Boyarchuk and Giovanni Vigna},
title = {{Dridex Reloaded: Analysis of a New Dridex Campaign}},
date = {2021-03-29},
organization = {VMware Carbon Black},
url = {https://blogs.vmware.com/networkvirtualization/2021/03/analysis-of-a-new-dridex-campaign.html/},
language = {English},
urldate = {2021-04-09}
}
Dridex Reloaded: Analysis of a New Dridex Campaign Dridex |
2021-03-18 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT @techreport{prodaft:20210318:silverfish:f203208,
author = {PRODAFT},
title = {{SilverFish Group Threat Actor Report}},
date = {2021-03-18},
institution = {PRODAFT Threat Intelligence},
url = {https://www.prodaft.com/m/uploads/SilverFish_TLPWHITE.pdf},
language = {English},
urldate = {2021-04-06}
}
SilverFish Group Threat Actor Report Cobalt Strike Dridex Koadic |
2021-03-17 ⋅ CrowdStrike ⋅ Adam Podlosky, Brendon Feeley @online{podlosky:20210317:indrik:65d1f3f,
author = {Adam Podlosky and Brendon Feeley},
title = {{INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions}},
date = {2021-03-17},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/},
language = {English},
urldate = {2021-03-19}
}
INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions FriedEx WastedLocker |
2021-03-17 ⋅ HP ⋅ HP Bromium @techreport{bromium:20210317:threat:3aed551,
author = {HP Bromium},
title = {{Threat Insights Report Q4-2020}},
date = {2021-03-17},
institution = {HP},
url = {https://threatresearch.ext.hp.com/wp-content/uploads/2021/03/HP_Bromium_Threat_Insights_Report_Q4_2020.pdf},
language = {English},
urldate = {2021-03-19}
}
Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
2021-03-11 ⋅ IBM ⋅ Dave McMillen, Limor Kessem @online{mcmillen:20210311:dridex:1140b01,
author = {Dave McMillen and Limor Kessem},
title = {{Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts}},
date = {2021-03-11},
organization = {IBM},
url = {https://securityintelligence.com/dridex-campaign-propelled-by-cutwail-botnet-and-powershell/},
language = {English},
urldate = {2021-03-12}
}
Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts Cutwail Dridex |
2021-03 ⋅ Group-IB ⋅ Oleg Skulkin, Roman Rezvukhin, Semyon Rogachev @techreport{skulkin:202103:ransomware:992ca10,
author = {Oleg Skulkin and Roman Rezvukhin and Semyon Rogachev},
title = {{Ransomware Uncovered 2020/2021}},
date = {2021-03},
institution = {Group-IB},
url = {https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf},
language = {English},
urldate = {2021-06-16}
}
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
2021-02-28 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Tonto Team |
2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20210223:2021:bf5bc4f,
author = {CrowdStrike},
title = {{2021 Global Threat Report}},
date = {2021-02-23},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf},
language = {English},
urldate = {2021-02-25}
}
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-02-15 ⋅ Medium s2wlab ⋅ Sojun Ryu @online{ryu:20210215:operation:b0712b0,
author = {Sojun Ryu},
title = {{Operation SyncTrek}},
date = {2021-02-15},
organization = {Medium s2wlab},
url = {https://medium.com/s2wlab/operation-synctrek-e5013df8d167},
language = {English},
urldate = {2021-09-02}
}
Operation SyncTrek AbaddonPOS Azorult Clop DoppelDridex DoppelPaymer Dridex PwndLocker |
2021-02-07 ⋅ Technical Blog of Ali Aqeel ⋅ Ali Aqeel @online{aqeel:20210207:dridex:871b7d0,
author = {Ali Aqeel},
title = {{Dridex Malware Analysis}},
date = {2021-02-07},
organization = {Technical Blog of Ali Aqeel},
url = {https://aaqeel01.wordpress.com/2021/02/07/dridex-malware-analysis/},
language = {English},
urldate = {2021-02-09}
}
Dridex Malware Analysis Dridex |
2021-02-02 ⋅ CRONUP ⋅ Germán Fernández @online{fernndez:20210202:de:6ff4f3a,
author = {Germán Fernández},
title = {{De ataque con Malware a incidente de Ransomware}},
date = {2021-02-02},
organization = {CRONUP},
url = {https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware},
language = {Spanish},
urldate = {2021-03-02}
}
De ataque con Malware a incidente de Ransomware (From a malware attack to a ransomware incident) Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-02-02 ⋅ Twitter (@TheDFIRReport) ⋅ The DFIR Report @online{report:20210202:recent:5272ed0,
author = {The DFIR Report},
title = {{Tweet on recent dridex post infection activity}},
date = {2021-02-02},
organization = {Twitter (@TheDFIRReport)},
url = {https://twitter.com/TheDFIRReport/status/1356729371931860992},
language = {English},
urldate = {2021-02-04}
}
Tweet on recent dridex post infection activity Cobalt Strike Dridex |
2021-02-01 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team @online{team:20210201:what:2e12897,
author = {Microsoft 365 Defender Threat Intelligence Team},
title = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}},
date = {2021-02-01},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/},
language = {English},
urldate = {2021-02-02}
}
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
2021-01-19 ⋅ HP ⋅ Patrick Schläpfer @online{schlpfer:20210119:dridex:a8b3da4,
author = {Patrick Schläpfer},
title = {{Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs}},
date = {2021-01-19},
organization = {HP},
url = {https://threatresearch.ext.hp.com/dridex-malicious-document-analysis-automating-the-extraction-of-payload-urls/},
language = {English},
urldate = {2021-01-21}
}
Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs Dridex |
2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20210109:command:d720b27,
author = {Marco Ramilli},
title = {{Command and Control Traffic Patterns}},
date = {2021-01-09},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2021/01/09/c2-traffic-patterns-personal-notes/},
language = {English},
urldate = {2021-05-17}
}
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
2021-01-04 ⋅ Check Point ⋅ Check Point Research @online{research:20210104:dridex:2741eba,
author = {Check Point Research},
title = {{DRIDEX Stopping Serial Killer: Catching the Next Strike}},
date = {2021-01-04},
organization = {Check Point},
url = {https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/},
language = {English},
urldate = {2021-01-05}
}
DRIDEX Stopping Serial Killer: Catching the Next Strike Dridex |
2021 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2021:threat:98f1049,
author = {SecureWorks},
title = {{Threat Profile: GOLD HERON}},
date = {2021},
organization = {Secureworks},
url = {http://www.secureworks.com/research/threat-profiles/gold-heron},
language = {English},
urldate = {2021-05-31}
}
Threat Profile: GOLD HERON DoppelPaymer Dridex Empire Downloader DOPPEL SPIDER |
2021 ⋅ SecureWorks @online{secureworks:2021:threat:dbd7ed7,
author = {SecureWorks},
title = {{Threat Profile: GOLD DRAKE}},
date = {2021},
url = {http://www.secureworks.com/research/threat-profiles/gold-drake},
language = {English},
urldate = {2021-05-28}
}
Threat Profile: GOLD DRAKE Cobalt Strike Dridex FriedEx Koadic MimiKatz WastedLocker Evil Corp |
2020-12-10 ⋅ US-CERT ⋅ US-CERT, FBI, MS-ISAC @online{uscert:20201210:alert:a5ec77e,
author = {US-CERT and FBI and MS-ISAC},
title = {{Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data}},
date = {2020-12-10},
organization = {US-CERT},
url = {https://us-cert.cisa.gov/ncas/alerts/aa20-345a},
language = {English},
urldate = {2020-12-11}
}
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
2020-11-20 ⋅ ZDNet ⋅ Catalin Cimpanu @online{cimpanu:20201120:malware:0b8ff59,
author = {Catalin Cimpanu},
title = {{The malware that usually installs ransomware and you need to remove right away}},
date = {2020-11-20},
organization = {ZDNet},
url = {https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/},
language = {English},
urldate = {2020-11-23}
}
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
2020-11-18 ⋅ Sophos ⋅ Sophos @techreport{sophos:20201118:sophos:8fd201e,
author = {Sophos},
title = {{SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world}},
date = {2020-11-18},
institution = {Sophos},
url = {https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2021-threat-report.pdf},
language = {English},
urldate = {2020-11-19}
}
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
2020-10-29 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20201029:le:d296223,
author = {CERT-FR},
title = {{LE MALWARE-AS-A-SERVICE EMOTET}},
date = {2020-10-29},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-010.pdf},
language = {English},
urldate = {2020-11-04}
}
LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
2020-10-15 ⋅ Department of Justice ⋅ Department of Justice @online{justice:20201015:officials:b340951,
author = {Department of Justice},
title = {{Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals}},
date = {2020-10-15},
organization = {Department of Justice},
url = {https://www.justice.gov/opa/pr/officials-announce-international-operation-targeting-transnational-criminal-organization},
language = {English},
urldate = {2020-10-23}
}
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals Dridex ISFB TrickBot |
2020-10-03 ⋅ Wikipedia ⋅ Wikpedia @online{wikpedia:20201003:wikipedia:70dbf1e,
author = {Wikpedia},
title = {{Wikipedia Page: Maksim Yakubets}},
date = {2020-10-03},
organization = {Wikipedia},
url = {https://en.wikipedia.org/wiki/Maksim_Yakubets},
language = {English},
urldate = {2020-11-02}
}
Wikipedia Page: Maksim Yakubets Dridex Feodo Evil Corp |
2020-09-29 ⋅ PWC UK ⋅ Andy Auld @online{auld:20200929:whats:2782a62,
author = {Andy Auld},
title = {{What's behind the increase in ransomware attacks this year?}},
date = {2020-09-29},
organization = {PWC UK},
url = {https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html},
language = {English},
urldate = {2021-05-25}
}
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
2020-09-25 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team @online{team:20200925:double:fe3b093,
author = {The Crowdstrike Intel Team},
title = {{Double Trouble: Ransomware with Data Leak Extortion, Part 1}},
date = {2020-09-25},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/},
language = {English},
urldate = {2020-10-02}
}
Double Trouble: Ransomware with Data Leak Extortion, Part 1 DoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker MIMIC SPIDER PIZZO SPIDER TA2101 VIKING SPIDER |
2020-09-18 ⋅ AppGate ⋅ Gustavo Palazolo, Felipe Duarte @online{palazolo:20200918:reverse:689e4cb,
author = {Gustavo Palazolo and Felipe Duarte},
title = {{Reverse Engineering Dridex and Automating IOC Extraction}},
date = {2020-09-18},
organization = {AppGate},
url = {https://www.appgate.com/blog/reverse-engineering-dridex-and-automating-ioc-extraction},
language = {English},
urldate = {2020-09-25}
}
Reverse Engineering Dridex and Automating IOC Extraction Dridex |
2020-09-10 ⋅ SANS ISC InfoSec Forums ⋅ Brad Duncan @online{duncan:20200910:recent:f9e103f,
author = {Brad Duncan},
title = {{Recent Dridex activity}},
date = {2020-09-10},
organization = {SANS ISC InfoSec Forums},
url = {https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/},
language = {English},
urldate = {2020-09-15}
}
Recent Dridex activity Dridex |
2020-09-07 ⋅ Github (pan-unit42) ⋅ Brad Duncan @online{duncan:20200907:collection:09ab7be,
author = {Brad Duncan},
title = {{Collection of recent Dridex IOCs}},
date = {2020-09-07},
organization = {Github (pan-unit42)},
url = {https://github.com/pan-unit42/tweets/blob/master/2020-09-07-Dridex-IOCs.txt},
language = {English},
urldate = {2020-09-15}
}
Collection of recent Dridex IOCs Cutwail Dridex |
2020-08-21 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan @online{duncan:20200821:wireshark:d98d5ed,
author = {Brad Duncan},
title = {{Wireshark Tutorial: Decrypting HTTPS Traffic}},
date = {2020-08-21},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/},
language = {English},
urldate = {2020-08-25}
}
Wireshark Tutorial: Decrypting HTTPS Traffic Dridex |
2020-08-20 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200820:development:d518522,
author = {CERT-FR},
title = {{Development of the Activity of the TA505 Cybercriminal Group}},
date = {2020-08-20},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-009.pdf},
language = {English},
urldate = {2020-08-28}
}
Development of the Activity of the TA505 Cybercriminal Group AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot |
2020-08-09 ⋅ F5 Labs ⋅ Remi Cohen, Debbie Walkowski @online{cohen:20200809:banking:8718999,
author = {Remi Cohen and Debbie Walkowski},
title = {{Banking Trojans: A Reference Guide to the Malware Family Tree}},
date = {2020-08-09},
organization = {F5 Labs},
url = {https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree},
language = {English},
urldate = {2021-06-29}
}
Banking Trojans: A Reference Guide to the Malware Family Tree BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus |
2020-08-03 ⋅ The DFIR Report @online{report:20200803:dridex:165cf39,
author = {The DFIR Report},
title = {{Dridex – From Word to Domain Dominance}},
date = {2020-08-03},
url = {https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/},
language = {English},
urldate = {2020-08-05}
}
Dridex – From Word to Domain Dominance Dridex |
2020-08 ⋅ Temple University ⋅ CARE @online{care:202008:critical:415c34d,
author = {CARE},
title = {{Critical Infrastructure Ransomware Attacks}},
date = {2020-08},
organization = {Temple University},
url = {https://sites.temple.edu/care/ci-rw-attacks/},
language = {English},
urldate = {2020-09-15}
}
Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
2020-07-17 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200717:malware:5c58cdf,
author = {CERT-FR},
title = {{The Malware Dridex: Origins and Uses}},
date = {2020-07-17},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf},
language = {English},
urldate = {2020-07-20}
}
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-06-24 ⋅ Morphisec ⋅ Arnold Osipov @online{osipov:20200624:obfuscated:74bfeed,
author = {Arnold Osipov},
title = {{Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex}},
date = {2020-06-24},
organization = {Morphisec},
url = {https://blog.morphisec.com/obfuscated-vbscript-drops-zloader-ursnif-qakbot-dridex},
language = {English},
urldate = {2020-06-25}
}
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex Dridex ISFB QakBot Zloader |
2020-06-22 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200622:volution:fba1cfa,
author = {CERT-FR},
title = {{Évolution De Lactivité du Groupe Cybercriminel TA505}},
date = {2020-06-22},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-006.pdf},
language = {French},
urldate = {2020-06-24}
}
Évolution De Lactivité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot |
2020-06-19 ⋅ Reaqta ⋅ Reaqta @online{reaqta:20200619:dridex:54f4dd5,
author = {Reaqta},
title = {{Dridex: the secret in a PostMessage()}},
date = {2020-06-19},
organization = {Reaqta},
url = {https://reaqta.com/2020/06/dridex-the-secret-in-a-postmessage/},
language = {English},
urldate = {2020-06-22}
}
Dridex: the secret in a PostMessage() Dridex |
2020-06-05 ⋅ Votiro ⋅ Votiro’s Research Team @online{team:20200605:anatomy:3047f6e,
author = {Votiro’s Research Team},
title = {{Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19}},
date = {2020-06-05},
organization = {Votiro},
url = {https://votiro.com/blog/anatomy-of-a-well-crafted-ups-fedex-and-dhl-phishing-email-during-covid-19/},
language = {English},
urldate = {2020-06-10}
}
Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19 Dridex |
2020-05-31 ⋅ Medium walmartglobaltech ⋅ Jason Reaves, Joshua Platt @online{reaves:20200531:wastedloader:c37b988,
author = {Jason Reaves and Joshua Platt},
title = {{WastedLoader or DridexLoader?}},
date = {2020-05-31},
organization = {Medium walmartglobaltech},
url = {https://medium.com/walmartglobaltech/wastedloader-or-dridexloader-4f47c9b3ae77},
language = {English},
urldate = {2021-06-09}
}
WastedLoader or DridexLoader? Dridex WastedLocker |
2020-05-27 ⋅ GAIS-CERT ⋅ GAIS-CERT @techreport{gaiscert:20200527:dridex:90bd3bd,
author = {GAIS-CERT},
title = {{Dridex Banking Trojan Technical Analysis Report}},
date = {2020-05-27},
institution = {GAIS-CERT},
url = {https://gaissecurity.com/uploads/csirt/EN-Dridex-banking-trojan.pdf},
language = {English},
urldate = {2020-06-24}
}
Dridex Banking Trojan Technical Analysis Report Dridex |
2020-05-25 ⋅ CERT-FR ⋅ CERT-FR @online{certfr:20200525:indicateurs:642332f,
author = {CERT-FR},
title = {{INDICATEURS DE COMPROMISSION DU CERT-FR - Objet: Le code malveillant Dridex}},
date = {2020-05-25},
organization = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/ioc/CERTFR-2020-IOC-003/},
language = {French},
urldate = {2020-06-03}
}
INDICATEURS DE COMPROMISSION DU CERT-FR - Objet: Le code malveillant Dridex Dridex |
2020-05-25 ⋅ CERT-FR ⋅ CERT-FR @techreport{certfr:20200525:le:ac94f72,
author = {CERT-FR},
title = {{Le Code Malveillant Dridex: Origines et Usages}},
date = {2020-05-25},
institution = {CERT-FR},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-005.pdf},
language = {French},
urldate = {2020-05-26}
}
Le Code Malveillant Dridex: Origines et Usages Dridex |
2020-05-21 ⋅ Intel 471 ⋅ Intel 471 @online{471:20200521:brief:048d164,
author = {Intel 471},
title = {{A brief history of TA505}},
date = {2020-05-21},
organization = {Intel 471},
url = {https://intel471.com/blog/a-brief-history-of-ta505},
language = {English},
urldate = {2022-02-14}
}
A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot |
2020-03-30 ⋅ Intezer ⋅ Michael Kajiloti @online{kajiloti:20200330:fantastic:c01db60,
author = {Michael Kajiloti},
title = {{Fantastic payloads and where we find them}},
date = {2020-03-30},
organization = {Intezer},
url = {https://intezer.com/blog/intezer-analyze/fantastic-payloads-and-where-we-find-them},
language = {English},
urldate = {2020-04-07}
}
Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
2020-03-05 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team @online{team:20200305:humanoperated:d90a28e,
author = {Microsoft Threat Protection Intelligence Team},
title = {{Human-operated ransomware attacks: A preventable disaster}},
date = {2020-03-05},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/},
language = {English},
urldate = {2020-03-06}
}
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-03-03 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019:A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA |
2020-02-25 ⋅ RSA Conference ⋅ Joel DeCapua @online{decapua:20200225:feds:423f929,
author = {Joel DeCapua},
title = {{Feds Fighting Ransomware: How the FBI Investigates and How You Can Help}},
date = {2020-02-25},
organization = {RSA Conference},
url = {https://www.youtube.com/watch?v=LUxOcpIRxmg},
language = {English},
urldate = {2020-03-04}
}
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus |
2020-02-25 ⋅ Bleeping Computer ⋅ Lawrence Abrams @online{abrams:20200225:doppelpaymer:9ca20ab,
author = {Lawrence Abrams},
title = {{DoppelPaymer Ransomware Launches Site to Post Victim's Data}},
date = {2020-02-25},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/},
language = {English},
urldate = {2020-02-26}
}
DoppelPaymer Ransomware Launches Site to Post Victim's Data DoppelPaymer FriedEx |
2020-02-18 ⋅ Sophos Labs ⋅ Luca Nagy @online{nagy:20200218:nearly:8ff363f,
author = {Luca Nagy},
title = {{Nearly a quarter of malware now communicates using TLS}},
date = {2020-02-18},
organization = {Sophos Labs},
url = {https://news.sophos.com/en-us/2020/02/18/nearly-a-quarter-of-malware-now-communicates-using-tls/},
language = {English},
urldate = {2020-02-27}
}
Nearly a quarter of malware now communicates using TLS Dridex IcedID TrickBot |
2020-02-12 ⋅ McAfee ⋅ Christiaan Beek @online{beek:20200212:csi:4308ee0,
author = {Christiaan Beek},
title = {{CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I}},
date = {2020-02-12},
organization = {McAfee},
url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/csi-evidence-indicators-for-targeted-ransomware-attacks/},
language = {English},
urldate = {2021-05-13}
}
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I FriedEx |
2020-01-31 ⋅ Virus Bulletin ⋅ Michal Poslušný, Peter Kálnai @online{poslun:20200131:rich:c25f156,
author = {Michal Poslušný and Peter Kálnai},
title = {{Rich Headers: leveraging this mysterious artifact of the PE format}},
date = {2020-01-31},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2020/01/vb2019-paper-rich-headers-leveraging-mysterious-artifact-pe-format/},
language = {English},
urldate = {2020-02-03}
}
Rich Headers: leveraging this mysterious artifact of the PE format Dridex Exaramel Industroyer Neutrino RCS Sathurbot |
2020-01-29 ⋅ ANSSI ⋅ ANSSI @techreport{anssi:20200129:tat:3d59e6e,
author = {ANSSI},
title = {{État de la menace rançongiciel}},
date = {2020-01-29},
institution = {ANSSI},
url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf},
language = {English},
urldate = {2020-02-03}
}
État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
2020-01-17 ⋅ Secureworks ⋅ Tamada Kiyotaka, Keita Yamazaki, You Nakatsuru @techreport{kiyotaka:20200117:is:969ff38,
author = {Tamada Kiyotaka and Keita Yamazaki and You Nakatsuru},
title = {{Is It Wrong to Try to Find APT Techniques in Ransomware Attack?}},
date = {2020-01-17},
institution = {Secureworks},
url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_1_tamada-yamazaki-nakatsuru_en.pdf},
language = {English},
urldate = {2020-04-06}
}
Is It Wrong to Try to Find APT Techniques in Ransomware Attack? Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos REvil Ryuk SamSam Scarab Ransomware |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:b12ae49,
author = {SecureWorks},
title = {{GOLD HERON}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-heron},
language = {English},
urldate = {2020-05-23}
}
GOLD HERON DoppelPaymer Dridex Empire Downloader |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:0d8c853,
author = {SecureWorks},
title = {{GOLD DRAKE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-drake},
language = {English},
urldate = {2020-05-23}
}
GOLD DRAKE Dridex Empire Downloader FriedEx Koadic MimiKatz |
2019-12-19 ⋅ KrebsOnSecurity ⋅ Brian Krebs @online{krebs:20191219:inside:c7595ad,
author = {Brian Krebs},
title = {{Inside ‘Evil Corp,’ a $100M Cybercrime Menace}},
date = {2019-12-19},
organization = {KrebsOnSecurity},
url = {https://krebsonsecurity.com/2019/12/inside-evil-corp-a-100m-cybercrime-menace/},
language = {English},
urldate = {2020-11-02}
}
Inside ‘Evil Corp,’ a $100M Cybercrime Menace Dridex Gameover P2P Zeus Evil Corp |
2019-12-05 ⋅ U.S. Department of the Treasury ⋅ U.S. Department of the Treasury @online{treasury:20191205:treasury:81d8c3e,
author = {U.S. Department of the Treasury},
title = {{Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware}},
date = {2019-12-05},
organization = {U.S. Department of the Treasury},
url = {https://home.treasury.gov/news/press-releases/sm845},
language = {English},
urldate = {2021-04-06}
}
Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware Dridex |
2019-11-06 ⋅ Blueliv ⋅ Jose Miguel Esparza, Blueliv Team @online{esparza:20191106:spanish:eaf5520,
author = {Jose Miguel Esparza and Blueliv Team},
title = {{Spanish consultancy Everis suffers BitPaymer ransomware attack: a brief analysis}},
date = {2019-11-06},
organization = {Blueliv},
url = {https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/everis-bitpaymer-ransomware-attack-analysis-dridex/},
language = {English},
urldate = {2020-01-08}
}
Spanish consultancy Everis suffers BitPaymer ransomware attack: a brief analysis FriedEx |
2019-09-09 ⋅ McAfee ⋅ Thomas Roccia, Marc Rivero López, Chintan Shah @online{roccia:20190909:evolution:baf3b6c,
author = {Thomas Roccia and Marc Rivero López and Chintan Shah},
title = {{Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study}},
date = {2019-09-09},
organization = {McAfee},
url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/evolution-of-malware-sandbox-evasion-tactics-a-retrospective-study/},
language = {English},
urldate = {2020-08-30}
}
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study Cutwail Dridex Dyre Kovter Locky Phorpiex Simda |
2019-08-13 ⋅ Adalogics ⋅ David Korczynski @online{korczynski:20190813:state:a4ad074,
author = {David Korczynski},
title = {{The state of advanced code injections}},
date = {2019-08-13},
organization = {Adalogics},
url = {https://adalogics.com/blog/the-state-of-advanced-code-injections},
language = {English},
urldate = {2020-01-13}
}
The state of advanced code injections Dridex Emotet Tinba |
2019-07-12 ⋅ CrowdStrike ⋅ Brett Stone-Gross, Sergei Frankoff, Bex Hartley @online{stonegross:20190712:bitpaymer:113a037,
author = {Brett Stone-Gross and Sergei Frankoff and Bex Hartley},
title = {{BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0}},
date = {2019-07-12},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/},
language = {English},
urldate = {2020-04-25}
}
BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0 DoppelPaymer Dridex FriedEx |
2019-05-14 ⋅ GovCERT.ch ⋅ GovCERT.ch @online{govcertch:20190514:rise:8fd8ef4,
author = {GovCERT.ch},
title = {{The Rise of Dridex and the Role of ESPs}},
date = {2019-05-14},
organization = {GovCERT.ch},
url = {https://www.govcert.admin.ch/blog/28/the-rise-of-dridex-and-the-role-of-esps},
language = {English},
urldate = {2020-01-09}
}
The Rise of Dridex and the Role of ESPs Dridex |
2019-04-15 ⋅ Trend Micro ⋅ Gilbert Sison, Ryan Maglaque @online{sison:20190415:account:6783792,
author = {Gilbert Sison and Ryan Maglaque},
title = {{Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec}},
date = {2019-04-15},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/account-with-admin-privileges-abused-to-install-bitpaymer-ransomware-via-psexec},
language = {English},
urldate = {2020-01-08}
}
Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec FriedEx |
2018-12-18 ⋅ Trend Micro ⋅ Trendmicro @online{trendmicro:20181218:ursnif:cc5ce31,
author = {Trendmicro},
title = {{URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader}},
date = {2018-12-18},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/},
language = {English},
urldate = {2020-01-07}
}
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
2018-11-14 ⋅ CrowdStrike ⋅ Sergei Frankoff, Bex Hartley @online{frankoff:20181114:big:723025d,
author = {Sergei Frankoff and Bex Hartley},
title = {{Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware}},
date = {2018-11-14},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/},
language = {English},
urldate = {2019-12-20}
}
Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware FriedEx INDRIK SPIDER |
2018-09-11 ⋅ Sophos Naked Security ⋅ Mark Stockley @online{stockley:20180911:rise:3ecf259,
author = {Mark Stockley},
title = {{The Rise of Targeted Ransomware}},
date = {2018-09-11},
organization = {Sophos Naked Security},
url = {https://nakedsecurity.sophos.com/2018/09/11/the-rise-of-targeted-ransomware/},
language = {English},
urldate = {2022-03-22}
}
The Rise of Targeted Ransomware Dharma FriedEx SamSam |
2018-01-26 ⋅ ESET Research ⋅ Michal Poslušný @online{poslun:20180126:friedex:3c3f46b,
author = {Michal Poslušný},
title = {{FriedEx: BitPaymer ransomware the work of Dridex authors}},
date = {2018-01-26},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/},
language = {English},
urldate = {2019-11-14}
}
FriedEx: BitPaymer ransomware the work of Dridex authors Dridex FriedEx |
2018-01-12 ⋅ Proofpoint ⋅ Proofpoint Staff @online{staff:20180112:holiday:b4225b8,
author = {Proofpoint Staff},
title = {{Holiday lull? Not so much}},
date = {2018-01-12},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/holiday-lull-not-so-much},
language = {English},
urldate = {2021-05-31}
}
Holiday lull? Not so much Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER |
2017-08-01 ⋅ Panda Security ⋅ Panda Security @techreport{security:20170801:malware:e92cd36,
author = {Panda Security},
title = {{Malware Report: Dridex Version 4}},
date = {2017-08-01},
institution = {Panda Security},
url = {https://www.pandasecurity.com/mediacenter/src/uploads/2017/10/Informe_Dridex_Revisado_FINAL_EN-2.pdf},
language = {English},
urldate = {2020-04-14}
}
Malware Report: Dridex Version 4 Dridex |
2017-07-25 ⋅ Github (viql) ⋅ Johannes Bader @online{bader:20170725:dridex:44f64d8,
author = {Johannes Bader},
title = {{Dridex Loot}},
date = {2017-07-25},
organization = {Github (viql)},
url = {https://viql.github.io/dridex/},
language = {English},
urldate = {2020-01-07}
}
Dridex Loot Dridex |
2017-07-18 ⋅ Elastic ⋅ Ashkan Hosseini @online{hosseini:20170718:ten:af036b3,
author = {Ashkan Hosseini},
title = {{Ten process injection techniques: A technical survey of common and trending process injection techniques}},
date = {2017-07-18},
organization = {Elastic},
url = {https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process},
language = {English},
urldate = {2020-07-15}
}
Ten process injection techniques: A technical survey of common and trending process injection techniques Cryakl CyberGate Dridex FinFisher RAT Locky |
2017-05-25 ⋅ Kaspersky Labs ⋅ Nikita Slepogin @online{slepogin:20170525:dridex:90a70d9,
author = {Nikita Slepogin},
title = {{Dridex: A History of Evolution}},
date = {2017-05-25},
organization = {Kaspersky Labs},
url = {https://securelist.com/analysis/publications/78531/dridex-a-history-of-evolution/},
language = {English},
urldate = {2022-08-31}
}
Dridex: A History of Evolution Dridex Feodo |
2017-05-15 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam @online{researchteam:20170515:evolution:d0e74ea,
author = {Counter Threat Unit ResearchTeam},
title = {{Evolution of the GOLD EVERGREEN Threat Group}},
date = {2017-05-15},
organization = {Secureworks},
url = {https://www.secureworks.com/research/evolution-of-the-gold-evergreen-threat-group},
language = {English},
urldate = {2021-05-28}
}
Evolution of the GOLD EVERGREEN Threat Group CryptoLocker Dridex Dyre Gameover P2P Murofet TrickBot Zeus GOLD EVERGREEN |
2017-02-28 ⋅ Security Intelligence ⋅ Magal Baz, Or Safran @online{baz:20170228:dridexs:f72a5ec,
author = {Magal Baz and Or Safran},
title = {{Dridex’s Cold War: Enter AtomBombing}},
date = {2017-02-28},
organization = {Security Intelligence},
url = {https://securityintelligence.com/dridexs-cold-war-enter-atombombing/},
language = {English},
urldate = {2019-12-16}
}
Dridex’s Cold War: Enter AtomBombing Dridex |
2017-01-26 ⋅ Flashpoint ⋅ Flashpoint @online{flashpoint:20170126:dridex:2ca4920,
author = {Flashpoint},
title = {{Dridex Banking Trojan Returns, Leverages New UAC Bypass Method}},
date = {2017-01-26},
organization = {Flashpoint},
url = {https://www.flashpoint-intel.com/blog-dridex-banking-trojan-returns/},
language = {English},
urldate = {2020-01-08}
}
Dridex Banking Trojan Returns, Leverages New UAC Bypass Method Dridex |
2016-02-16 ⋅ Symantec ⋅ Dick O'Brien @techreport{obrien:20160216:dridex:7abdc31,
author = {Dick O'Brien},
title = {{Dridex: Tidal waves of spam pushing dangerous financial Trojan}},
date = {2016-02-16},
institution = {Symantec},
url = {https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dridex-financial-trojan.pdf},
language = {English},
urldate = {2020-01-08}
}
Dridex: Tidal waves of spam pushing dangerous financial Trojan Dridex |
2015-11-10 ⋅ CERT.PL ⋅ CERT.PL @online{certpl:20151110:talking:d93cf24,
author = {CERT.PL},
title = {{Talking to Dridex (part 0) – inside the dropper}},
date = {2015-11-10},
organization = {CERT.PL},
url = {https://www.cert.pl/en/news/single/talking-dridex-part-0-inside-the-dropper/},
language = {English},
urldate = {2020-01-06}
}
Talking to Dridex (part 0) – inside the dropper Dridex |
2015-10-26 ⋅ Blueliv ⋅ Blueliv @techreport{blueliv:20151026:chasing:975ef1a,
author = {Blueliv},
title = {{Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers}},
date = {2015-10-26},
institution = {Blueliv},
url = {https://www.blueliv.com/downloads/documentation/reports/Network_insights_of_Dyre_and_Dridex_Trojan_bankers.pdf},
language = {English},
urldate = {2020-01-13}
}
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers Dridex Dyre |
2015-10-15 ⋅ BitSight ⋅ AnubisLabs @techreport{anubislabs:20151015:dridex:4dafca8,
author = {AnubisLabs},
title = {{Dridex: Chasing a botnet from the inside}},
date = {2015-10-15},
institution = {BitSight},
url = {https://cdn2.hubspot.net/hubfs/507516/ANB_MIR_Dridex_PRv7_final.pdf},
language = {English},
urldate = {2020-08-06}
}
Dridex: Chasing a botnet from the inside Dridex |
2015-10-13 ⋅ Secureworks ⋅ Brett Stone-Gross @online{stonegross:20151013:dridex:46d9a58,
author = {Brett Stone-Gross},
title = {{Dridex (Bugat v5) Botnet Takeover Operation}},
date = {2015-10-13},
organization = {Secureworks},
url = {https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation},
language = {English},
urldate = {2020-01-08}
}
Dridex (Bugat v5) Botnet Takeover Operation Dridex Evil Corp |