| SYMBOL | COMMON_NAME | aka. SYNONYMS |
win.dridex (Back to overview)
Dridex
Actor(s): Evil Corp, INDRIK SPIDER, TA505
OxCERT blog describes Dridex as "an evasive, information-stealing malware variant; its goal is to acquire as many credentials as possible and return them via an encrypted tunnel to a Command-and-Control (C&C) server. These C&C servers are numerous and scattered all over the Internet, if the malware cannot reach one server it will try another. For this reason, network-based measures such as blocking the C&C IPs is effective only in the short-term."
According to MalwareBytes, "Dridex uses an older tactic of infection by attaching a Word document that utilizes macros to install malware. However, once new versions of Microsoft Office came out and users generally updated, such a threat subsided because it was no longer simple to infect a user with this method."
IBM X-Force discovered "a new version of the Dridex banking Trojan that takes advantage of a code injection technique called AtomBombing to infect systems. AtomBombing is a technique for injecting malicious code into the 'atom tables' that almost all versions of Windows uses to store certain application data. It is a variation of typical code injection attacks that take advantage of input validation errors to insert and to execute malicious code in a legitimate process or application. Dridex v4 is the first malware that uses the AtomBombing process to try and infect systems."
References
| 2024-02-12
⋅
Estrellas's Blog
⋅
Unveiling custom packers: A comprehensive guide Dridex Simda |
| 2023-02-27
⋅
PRODAFT Threat Intelligence
⋅
RIG Exploit Kit: In-Depth Analysis Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader |
| 2022-10-31
⋅
paloalto Netoworks: Unit42
⋅
Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure Dridex Kronos TrickBot Zeus |
| 2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
| 2022-09-01
⋅
IBM
⋅
Raspberry Robin and Dridex: Two Birds of a Feather Dridex Raspberry Robin |
| 2022-08-24
⋅
Github (rad9800)
⋅
Malware Madness: EXCEPTION edition Dridex |
| 2022-07-09
⋅
Artik Blue
⋅
Malware analysis with IDA/Radare2 - Basic Unpacking (Dridex first stage) Dridex |
| 2022-06-13
⋅
Jorge Testa
⋅
Killing The Bear - Evil Corp FAKEUPDATES Babuk Blister DoppelPaymer Dridex Entropy FriedEx Hades Macaw Phoenix Locker WastedLoader WastedLocker |
| 2022-06-02
⋅
Mandiant
⋅
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker |
| 2022-05-24
⋅
Deep instinct
⋅
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them Dridex Emotet |
| 2022-05-19
⋅
Palo Alto Networks Unit 42
⋅
Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies Dridex |
| 2022-05-10
⋅
RiskIQ
⋅
RiskIQ: Identifying Dridex C2 via SSL Certificate Patterns Dridex |
| 2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
| 2022-03-13
⋅
Malcat
⋅
Cutting corners against a Dridex downloader Dridex |
| 2022-03-01
⋅
VirusTotal
⋅
VirusTotal's 2021 Malware Trends Report Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT |
| 2022-02-23
⋅
Sentinel LABS
⋅
Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp Dridex WastedLocker |
| 2022-02-23
⋅
SophosLabs Uncut
⋅
Dridex bots deliver Entropy ransomware in recent attacks Cobalt Strike Dridex Entropy |
| 2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
| 2022-02-01
⋅
Sentinel LABS
⋅
Sanctions be Damned | From Dridex To Macaw, The Evolution of Evil Corp Dridex FriedEx Hades Phoenix Locker WastedLocker |
| 2022-01-18
⋅
Recorded Future
⋅
2021 Adversary Infrastructure Report BazarBackdoor Cobalt Strike Dridex IcedID QakBot TrickBot |
| 2022-01-14
⋅
RiskIQ
⋅
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers Dridex Emotet |
| 2022-01-11
⋅
muha2xmad
⋅
Unpacking Dridex malware Dridex |
| 2022-01-09
⋅
Atomic Matryoshka
⋅
Malware Headliners: Dridex Dridex |
| 2021-12-23
⋅
Symantec
⋅
Log4j Vulnerabilities: Attack Insights Tsunami Conti Dridex Khonsari Orcus RAT TellYouThePass |
| 2021-12-20
⋅
InQuest
⋅
(Don't) Bring Dridex Home for the Holidays DoppelDridex Dridex |
| 2021-11-21
⋅
Cyber-Anubis
⋅
Dridex Trojan | Defeating Anti-Analysis | Strings Decryption | C&C Extraction DoppelDridex Dridex |
| 2021-11-16
⋅
Yoroi
⋅
Office Documents: May the XLL technique change the threat Landscape in 2022? Agent Tesla Dridex Formbook |
| 2021-11-12
⋅
Recorded Future
⋅
The Business of Fraud: Botnet Malware Dissemination Mozi Dridex IcedID QakBot TrickBot |
| 2021-09-15
⋅
Palo Alto Networks Unit 42
⋅
Phishing Eager Travelers Dridex |
| 2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
| 2021-08-19
⋅
Blackberry
⋅
BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware Cobalt Strike Dridex TA575 |
| 2021-07-30
⋅
HP
⋅
Detecting TA551 domains Valak Dridex IcedID ISFB QakBot |
| 2021-07-02
⋅
MalwareBookReports
⋅
Skip the Middleman: Dridex Document to Cobalt Strike Cobalt Strike Dridex |
| 2021-06-22
⋅
Twitter (@Cryptolaemus1)
⋅
Tweet on TA575, a Dridex affiliate delivering cobaltstrike (packed withe Cryptone) directly via the macro docs Cobalt Strike Dridex |
| 2021-06-08
⋅
Intel 471
⋅
The blurry boundaries between nation-state actors and the cybercrime underground Dridex Gameover P2P |
| 2021-06-03
⋅
YouTube (FIRST)
⋅
Breaking Dridex Malware Dridex |
| 2021-05-26
⋅
DeepInstinct
⋅
A Deep Dive into Packing Software CryptOne Cobalt Strike Dridex Emotet Gozi ISFB Mailto QakBot SmokeLoader WastedLocker Zloader |
| 2021-04-21
⋅
SophosLabs Uncut
⋅
Nearly half of malware now use TLS to conceal communications Agent Tesla Cobalt Strike Dridex SystemBC |
| 2021-04-15
⋅
Twitter (@felixw3000)
⋅
Tweet on Dridex's evasion technique Dridex |
| 2021-04-15
⋅
Proofpoint
⋅
Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes Dridex TrickBot |
| 2021-04-12
⋅
PTSecurity
⋅
PaaS, or how hackers evade antivirus software Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zloader |
| 2021-04-06
⋅
Lexfo
⋅
Dridex Loader Analysis Dridex |
| 2021-03-31
⋅
Red Canary
⋅
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
| 2021-03-29
⋅
VMWare Carbon Black
⋅
Dridex Reloaded: Analysis of a New Dridex Campaign Dridex |
| 2021-03-18
⋅
PRODAFT Threat Intelligence
⋅
SilverFish GroupThreat Actor Report Cobalt Strike Dridex Koadic |
| 2021-03-17
⋅
HP
⋅
Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
| 2021-03-11
⋅
IBM
⋅
Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts Cutwail Dridex |
| 2021-03-01
⋅
Group-IB
⋅
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-15
⋅
Medium s2wlab
⋅
Operation SyncTrek AbaddonPOS Azorult Clop DoppelDridex DoppelPaymer Dridex PwndLocker |
| 2021-02-07
⋅
Technical Blog of Ali Aqeel
⋅
Dridex Malware Analysis Dridex |
| 2021-02-02
⋅
Twitter (@TheDFIRReport)
⋅
Tweet on recent dridex post infection activity Cobalt Strike Dridex |
| 2021-02-02
⋅
⋅
CRONUP
⋅
De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
| 2021-02-01
⋅
Microsoft
⋅
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
| 2021-01-19
⋅
HP
⋅
Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs Dridex |
| 2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021-01-04
⋅
Check Point
⋅
DRIDEX Stopping Serial Killer: Catching the Next Strike Dridex |
| 2021-01-01
⋅
Threat Profile: GOLD DRAKE Cobalt Strike Dridex FriedEx Koadic MimiKatz WastedLocker Evil Corp |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD HERON DoppelPaymer Dridex Empire Downloader DOPPEL SPIDER |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-11-20
⋅
ZDNet
⋅
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
| 2020-11-18
⋅
Sophos
⋅
SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
| 2020-10-29
⋅
CERT-FR
⋅
LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
| 2020-10-15
⋅
Department of Justice
⋅
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals Dridex ISFB TrickBot |
| 2020-10-03
⋅
Wikipedia
⋅
Wikipedia Page: Maksim Yakubets Dridex Feodo Evil Corp |
| 2020-09-29
⋅
PWC UK
⋅
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
| 2020-09-18
⋅
AppGate
⋅
Reverse Engineering Dridex and Automating IOC Extraction Dridex |
| 2020-09-10
⋅
SANS ISC InfoSec Forums
⋅
Recent Dridex activity Dridex |
| 2020-09-07
⋅
Github (pan-unit42)
⋅
Collection of recent Dridex IOCs Cutwail Dridex |
| 2020-08-21
⋅
Palo Alto Networks Unit 42
⋅
Wireshark Tutorial: Decrypting HTTPS Traffic Dridex |
| 2020-08-20
⋅
CERT-FR
⋅
Development of the Activity of the TA505 Cybercriminal Group AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot |
| 2020-08-09
⋅
F5 Labs
⋅
Banking Trojans: A Reference Guide to the Malware Family Tree BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus |
| 2020-08-03
⋅
Dridex – From Word to Domain Dominance Dridex |
| 2020-07-17
⋅
CERT-FR
⋅
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
| 2020-06-24
⋅
Morphisec
⋅
Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex Dridex ISFB QakBot Zloader |
| 2020-06-22
⋅
⋅
CERT-FR
⋅
Évolution De Lactivité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot |
| 2020-06-19
⋅
Reaqta
⋅
Dridex: the secret in a PostMessage() Dridex |
| 2020-06-05
⋅
Votiro
⋅
Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19 Dridex |
| 2020-05-31
⋅
Medium walmartglobaltech
⋅
WastedLoader or DridexLoader? Dridex WastedLocker |
| 2020-05-27
⋅
GAIS-CERT
⋅
Dridex Banking Trojan Technical Analysis Report Dridex |
| 2020-05-25
⋅
⋅
CERT-FR
⋅
Le Code Malveillant Dridex: Origines et Usages Dridex |
| 2020-05-25
⋅
⋅
CERT-FR
⋅
INDICATEURS DE COMPROMISSION DU CERT-FR - Objet: Le code malveillant Dridex Dridex |
| 2020-05-21
⋅
Intel 471
⋅
A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot |
| 2020-03-30
⋅
Intezer
⋅
Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
| 2020-03-05
⋅
Microsoft
⋅
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-02-18
⋅
Sophos Labs
⋅
Nearly a quarter of malware now communicates using TLS Dridex IcedID TrickBot |
| 2020-01-31
⋅
Virus Bulletin
⋅
Rich Headers: leveraging this mysterious artifact of the PE format Dridex Exaramel Industroyer Neutrino RCS Sathurbot |
| 2020-01-01
⋅
Secureworks
⋅
GOLD DRAKE Dridex Empire Downloader FriedEx Koadic MimiKatz |
| 2020-01-01
⋅
Secureworks
⋅
GOLD HERON DoppelPaymer Dridex Empire Downloader |
| 2019-12-19
⋅
KrebsOnSecurity
⋅
Inside ‘Evil Corp,’ a $100M Cybercrime Menace Dridex Gameover P2P Zeus Evil Corp |
| 2019-12-05
⋅
U.S. Department of the Treasury
⋅
Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware Dridex |
| 2019-09-09
⋅
McAfee
⋅
Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study Cutwail Dridex Dyre Kovter Locky Phorpiex Simda |
| 2019-08-13
⋅
Adalogics
⋅
The state of advanced code injections Dridex Emotet Tinba |
| 2019-07-12
⋅
CrowdStrike
⋅
BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0 DoppelDridex DoppelPaymer Dridex FriedEx |
| 2019-05-14
⋅
GovCERT.ch
⋅
The Rise of Dridex and the Role of ESPs Dridex |
| 2018-12-18
⋅
Trend Micro
⋅
URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
| 2018-01-26
⋅
ESET Research
⋅
FriedEx: BitPaymer ransomware the work of Dridex authors Dridex FriedEx |
| 2018-01-12
⋅
Proofpoint
⋅
Holiday lull? Not so much Dridex Emotet GlobeImposter ISFB Necurs PandaBanker UrlZone NARWHAL SPIDER |
| 2017-08-01
⋅
Panda Security
⋅
Malware Report: Dridex Version 4 Dridex |
| 2017-07-25
⋅
Github (viql)
⋅
Dridex Loot Dridex |
| 2017-07-18
⋅
Elastic
⋅
Ten process injection techniques: A technical survey of common and trending process injection techniques Cryakl CyberGate Dridex FinFisher RAT Locky |
| 2017-05-25
⋅
Kaspersky Labs
⋅
Dridex: A History of Evolution Dridex Feodo |
| 2017-05-15
⋅
Secureworks
⋅
Evolution of the GOLD EVERGREEN Threat Group CryptoLocker Dridex Dyre Gameover P2P Murofet TrickBot Zeus GOLD EVERGREEN |
| 2017-02-28
⋅
Security Intelligence
⋅
Dridex’s Cold War: Enter AtomBombing Dridex |
| 2017-01-26
⋅
Flashpoint
⋅
Dridex Banking Trojan Returns, Leverages New UAC Bypass Method Dridex |
| 2016-02-16
⋅
Symantec
⋅
Dridex: Tidal waves of spam pushing dangerous financial Trojan Dridex |
| 2015-11-10
⋅
CERT.PL
⋅
Talking to Dridex (part 0) – inside the dropper Dridex |
| 2015-10-26
⋅
Blueliv
⋅
Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers Dridex Dyre |
| 2015-10-15
⋅
BitSight
⋅
Dridex: Chasing a botnet from the inside Dridex |
| 2015-10-13
⋅
Secureworks
⋅
Dridex (Bugat v5) Botnet Takeover Operation Dridex Evil Corp |