Actor(s): TA505, INDRIK SPIDER
The OxCERT blog describes Dridex as "an evasive, information-stealing malware variant; its goal is to acquire as many credentials as possible and return them via an encrypted tunnel to a Command-and-Control (C&C) server. These C&C servers are numerous and scattered all over the Internet; if the malware cannot reach one server, it will try another. For this reason, network-based measures such as blocking the C&C IPs are effective only in the short term."
According to MalwareBytes, "Dridex uses an older tactic of infection by attaching a Word document that utilizes macros to install malware. However, once new versions of Microsoft Office came out and users generally updated, such a threat subsided because it was no longer simple to infect a user with this method."
IBM X-Force discovered "a new version of the Dridex banking Trojan that takes advantage of a code injection technique called AtomBombing to infect systems. AtomBombing is a technique for injecting malicious code into the 'atom tables' that almost all versions of Windows use to store certain application data. It is a variation of typical code injection attacks that take advantage of input validation errors to insert and to execute malicious code in a legitimate process or application. Dridex v4 is the first malware that uses the AtomBombing process to try and infect systems."
References (date ⋅ source ⋅ title ⋅ malware families tagged):
2021-01-04 ⋅ Check Point ⋅ DRIDEX Stopping Serial Killer: Catching the Next Strike ⋅ Dridex
2020-12-10 ⋅ US-CERT ⋅ Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data ⋅ PerlBot, Shlayer, Agent Tesla, Cerber, Dridex, Ghost RAT, Kovter, Maze, MedusaLocker, Nanocore RAT, Nefilim Ransomware, REvil, Ryuk, Zeus
2020-11-20 ⋅ ZDNet ⋅ The malware that usually installs ransomware and you need to remove right away ⋅ Avaddon Ransomware, BazarBackdoor, Buer, Clop, Cobalt Strike, Conti Ransomware, DoppelPaymer, Dridex, Egregor, Emotet, FriedEx, MegaCortex, Phorpiex, PwndLocker, QakBot, Ryuk, SDBbot, TrickBot, Zloader
2020-11-18 ⋅ Sophos ⋅ SOPHOS 2021 THREAT REPORT: Navigating cybersecurity in an uncertain world ⋅ Agent Tesla, Dridex, TrickBot, Zloader
2020-10-29 ⋅ CERT-FR ⋅ LE MALWARE-AS-A-SERVICE EMOTET ⋅ Dridex, Emotet, ISFB, QakBot
2020-10-15 ⋅ Department of Justice ⋅ Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals ⋅ Dridex, ISFB, TrickBot
2020-10-03 ⋅ Wikipedia ⋅ Wikipedia Page: Maksim Yakubets ⋅ Dridex, Feodo, Evil Corp
2020-09-18 ⋅ AppGate ⋅ Reverse Engineering Dridex and Automating IOC Extraction ⋅ Dridex
2020-09-10 ⋅ SANS ISC InfoSec Forums ⋅ Recent Dridex activity ⋅ Dridex
2020-09-07 ⋅ Github (pan-unit42) ⋅ Collection of recent Dridex IOCs ⋅ Cutwail, Dridex
2020-08-21 ⋅ Palo Alto Networks Unit 42 ⋅ Wireshark Tutorial: Decrypting HTTPS Traffic ⋅ Dridex
2020-08-20 ⋅ CERT-FR ⋅ Development of the Activity of the TA505 Cybercriminal Group ⋅ AndroMut, Bart, Clop, Dridex, FlawedAmmyy, FlawedGrace, Get2, Locky, Marap, QuantLoader, SDBbot, ServHelper, tRat, TrickBot
2020-08-03 ⋅ Dridex – From Word to Domain Dominance ⋅ Dridex
2020-07-17 ⋅ CERT-FR ⋅ The Malware Dridex: Origins and Uses ⋅ Andromeda, CryptoLocker, Cutwail, DoppelPaymer, Dridex, Emotet, FriedEx, Gameover P2P, Gandcrab, ISFB, Murofet, Necurs, Predator The Thief, Zeus
2020-06-24 ⋅ Morphisec ⋅ Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex ⋅ Dridex, ISFB, QakBot, Zloader
2020-06-22 ⋅ CERT-FR ⋅ Évolution de l'activité du groupe cybercriminel TA505 ⋅ Amadey, AndroMut, Bart, Clop, Dridex, FlawedGrace, Gandcrab, Get2, GlobeImposter, Jaff, Locky, Marap, Philadephia Ransom, QuantLoader, Scarab Ransomware, SDBbot, ServHelper, Silence, tRat, TrickBot
2020-06-19 ⋅ Reaqta ⋅ Dridex: the secret in a PostMessage() ⋅ Dridex
2020-06-05 ⋅ Votiro ⋅ Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19 ⋅ Dridex
2020-05-27 ⋅ GAIS-CERT ⋅ Dridex Banking Trojan Technical Analysis Report ⋅ Dridex
2020-05-25 ⋅ CERT-FR ⋅ Le Code Malveillant Dridex: Origines et Usages ⋅ Dridex
2020-05-25 ⋅ CERT-FR ⋅ INDICATEURS DE COMPROMISSION DU CERT-FR - Objet: Le code malveillant Dridex ⋅ Dridex
2020-05-21 ⋅ Intel 471 ⋅ A brief history of TA505 ⋅ AndroMut, Bart, Dridex, FlawedAmmyy, FlawedGrace, Gandcrab, Get2, GlobeImposter, Jaff, Kegotip, Locky, Necurs, Philadephia Ransom, Pony, QuantLoader, Rockloader, SDBbot, ServHelper, Shifu, Snatch, TrickBot
2020-03-30 ⋅ Intezer ⋅ Fantastic payloads and where we find them ⋅ Dridex, Emotet, ISFB, TrickBot
2020-03-05 ⋅ Microsoft ⋅ Human-operated ransomware attacks: A preventable disaster ⋅ Dharma, DoppelPaymer, Dridex, EternalPetya, Gandcrab, Hermes, LockerGoga, MegaCortex, MimiKatz, REvil, RobinHood, Ryuk, SamSam, TrickBot, WannaCryptor
2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report ⋅ MESSAGETAP, More_eggs, 8.t Dropper, Anchor, BabyShark, BadNews, Clop, Cobalt Strike, CobInt, Cobra Carbon System, Cutwail, DanaBot, Dharma, DoppelPaymer, Dridex, Emotet, FlawedAmmyy, FriedEx, Gandcrab, Get2, IcedID, ISFB, KerrDown, LightNeuron, LockerGoga, Maze, MECHANICAL, Necurs, Nokki, Outlook Backdoor, Phobos Ransomware, Predator The Thief, QakBot, REvil, RobinHood, Ryuk, SDBbot, Skipper, SmokeLoader, TerraRecon, TerraStealer, TerraTV, TinyLoader, TrickBot, vidar, Winnti, ANTHROPOID SPIDER, Anunak, APT31, APT39, BlackTech, BuhTrap, Charming Kitten, CLOCKWORD SPIDER, DOPPEL SPIDER, Gamaredon Group, Leviathan, MONTY SPIDER, Mustang Panda, NARWHAL SPIDER, NOCTURNAL SPIDER, Pinchy Spider, Pirate Panda, Salty Spider, SCULLY SPIDER, SMOKY SPIDER, Thrip, VENOM SPIDER
2020-03-03 ⋅ PWC UK ⋅ Cyber Threats 2019: A Year in Retrospect ⋅ KevDroid, MESSAGETAP, magecart, AndroMut, Cobalt Strike, CobInt, Crimson RAT, DNSpionage, Dridex, Dtrack, Emotet, FlawedAmmyy, FlawedGrace, FriedEx, Gandcrab, Get2, GlobeImposter, Grateful POS, ISFB, Kazuar, LockerGoga, Nokki, QakBot, Ramnit, REvil, Rifdoor, RokRAT, Ryuk, shadowhammer, ShadowPad, Shifu, Skipper, StoneDrill, Stuxnet, TrickBot, Winnti, ZeroCleare, Axiom
2020-02-18 ⋅ Sophos Labs ⋅ Nearly a quarter of malware now communicates using TLS ⋅ Dridex, IcedID, TrickBot
2020-01-31 ⋅ Virus Bulletin ⋅ Rich Headers: leveraging this mysterious artifact of the PE format ⋅ Dridex, Exaramel, Industroyer, Neutrino, RCS, Sathurbot
2020 ⋅ Secureworks ⋅ GOLD DRAKE ⋅ Dridex, Empire Downloader, FriedEx, Koadic, MimiKatz
2020 ⋅ Secureworks ⋅ GOLD HERON ⋅ DoppelPaymer, Dridex, Empire Downloader
2019-12-19 ⋅ KrebsOnSecurity ⋅ Inside ‘Evil Corp,’ a $100M Cybercrime Menace ⋅ Dridex, Gameover P2P, Zeus, Evil Corp
2019-09-09 ⋅ McAfee ⋅ Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study ⋅ Cutwail, Dridex, Dyre, Kovter, Locky, Phorpiex, Simda
2019-08-13 ⋅ Adalogics ⋅ The state of advanced code injections ⋅ Dridex, Emotet, Tinba
2019-07-12 ⋅ CrowdStrike ⋅ BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0 ⋅ DoppelPaymer, Dridex, FriedEx
2019-05-14 ⋅ GovCERT.ch ⋅ The Rise of Dridex and the Role of ESPs ⋅ Dridex
2018-12-18 ⋅ Trend Micro ⋅ URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader ⋅ Dridex, Emotet, FriedEx, ISFB
2018-01-26 ⋅ ESET Research ⋅ FriedEx: BitPaymer ransomware the work of Dridex authors ⋅ Dridex, FriedEx
2017-08-01 ⋅ Panda Security ⋅ Malware Report: Dridex Version 4 ⋅ Dridex
2017-07-25 ⋅ Github (viql) ⋅ Dridex Loot ⋅ Dridex
2017-07-18 ⋅ Elastic ⋅ Ten process injection techniques: A technical survey of common and trending process injection techniques ⋅ Cryakl, CyberGate, Dridex, FinFisher RAT, Locky
2017-02-28 ⋅ Security Intelligence ⋅ Dridex’s Cold War: Enter AtomBombing ⋅ Dridex
2017-01-26 ⋅ Flashpoint ⋅ Dridex Banking Trojan Returns, Leverages New UAC Bypass Method ⋅ Dridex
2016-02-16 ⋅ Symantec ⋅ Dridex: Tidal waves of spam pushing dangerous financial Trojan ⋅ Dridex
2015-11-10 ⋅ CERT.PL ⋅ Talking to Dridex (part 0) – inside the dropper ⋅ Dridex
2015-10-26 ⋅ Blueliv ⋅ Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers ⋅ Dridex, Dyre
2015-10-15 ⋅ BitSight ⋅ Dridex: Chasing a botnet from the inside ⋅ Dridex
2015-10-13 ⋅ Secureworks ⋅ Dridex (Bugat v5) Botnet Takeover Operation ⋅ Dridex