SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): Evil Corp, INDRIK SPIDER, TA505
URLhausOxCERT blog describes Dridex as "an evasive, information-stealing malware variant; its goal is to acquire as many credentials as possible and return them via an encrypted tunnel to a Command-and-Control (C&C) server. These C&C servers are numerous and scattered all over the Internet, if the malware cannot reach one server it will try another. For this reason, network-based measures such as blocking the C&C IPs is effective only in the short-term."
According to MalwareBytes, "Dridex uses an older tactic of infection by attaching a Word document that utilizes macros to install malware. However, once new versions of Microsoft Office came out and users generally updated, such a threat subsided because it was no longer simple to infect a user with this method."
IBM X-Force discovered "a new version of the Dridex banking Trojan that takes advantage of a code injection technique called AtomBombing to infect systems. AtomBombing is a technique for injecting malicious code into the 'atom tables' that almost all versions of Windows uses to store certain application data. It is a variation of typical code injection attacks that take advantage of input validation errors to insert and to execute malicious code in a legitimate process or application. Dridex v4 is the first malware that uses the AtomBombing process to try and infect systems."
2021-04-12 ⋅ PTSecurity ⋅ PaaS, or how hackers evade antivirus software Amadey Bunitu Cerber Dridex ISFB KPOT Stealer Mailto Nemty Phobos Ransomware Pony Predator The Thief QakBot Raccoon RTM SmokeLoader Zeppelin Ransomware Zloader |
2021-04-06 ⋅ Lexfo ⋅ Dridex Loader Analysis Dridex |
2021-03-31 ⋅ Red Canary ⋅ 2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
2021-03-29 ⋅ VMWare Carbon Black ⋅ Dridex Reloaded: Analysis of a New Dridex Campaign Dridex |
2021-03-18 ⋅ PRODAFT Threat Intelligence ⋅ SilverFish GroupThreat Actor Report Cobalt Strike Dridex Koadic |
2021-03-17 ⋅ HP ⋅ Threat Insights Report Q4-2020 Agent Tesla BitRAT ComodoSec Dridex Emotet Ficker Stealer Formbook Zloader |
2021-03-11 ⋅ IBM ⋅ Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts Cutwail Dridex |
2021-03 ⋅ Group-IB ⋅ RANSOMWARE UNCOVERED 2020—2021 RansomEXX BazarBackdoor Buer Clop Conti Ransomware DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
2021-02-23 ⋅ CrowdStrike ⋅ 2021 Global Threat Report RansomEXX Amadey Anchor Avaddon Ransomware BazarBackdoor Clop Cobalt Strike Conti Ransomware Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet Ransomware ShadowPad SmokeLoader Snake Ransomware SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader |
2021-02-07 ⋅ Technical Blog of Ali Aqeel ⋅ Dridex Malware Analysis Dridex |
2021-02-02 ⋅ Twitter (@TheDFIRReport) ⋅ Tweet on recent dridex post infection activity Cobalt Strike Dridex |
2021-02-02 ⋅ CRONUP ⋅ De ataque con Malware a incidente de Ransomware Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-02-01 ⋅ Microsoft ⋅ What tracking an attacker email infrastructure tells us about persistent cybercriminal operations Dridex Emotet Makop Ransomware SmokeLoader TrickBot |
2021-01-19 ⋅ HP ⋅ Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs Dridex |
2021-01-04 ⋅ Check Point ⋅ DRIDEX Stopping Serial Killer: Catching the Next Strike Dridex |
2020-12-10 ⋅ US-CERT ⋅ Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim Ransomware REvil Ryuk Zeus |
2020-11-20 ⋅ ZDNet ⋅ The malware that usually installs ransomware and you need to remove right away Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
2020-11-18 ⋅ Sophos ⋅ SOPHOS 2021 THREAT REPORT Navigating cybersecurity in an uncertain world Agent Tesla Dridex TrickBot Zloader |
2020-10-29 ⋅ CERT-FR ⋅ LE MALWARE-AS-A-SERVICE EMOTET Dridex Emotet ISFB QakBot |
2020-10-15 ⋅ Department of Justice ⋅ Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals Dridex ISFB TrickBot |
2020-10-03 ⋅ Wikipedia ⋅ Wikipedia Page: Maksim Yakubets Dridex Feodo Evil Corp |
2020-09-18 ⋅ AppGate ⋅ Reverse Engineering Dridex and Automating IOC Extraction Dridex |
2020-09-10 ⋅ SANS ISC InfoSec Forums ⋅ Recent Dridex activity Dridex |
2020-09-07 ⋅ Github (pan-unit42) ⋅ Collection of recent Dridex IOCs Cutwail Dridex |
2020-08-21 ⋅ Palo Alto Networks Unit 42 ⋅ Wireshark Tutorial: Decrypting HTTPS Traffic Dridex |
2020-08-20 ⋅ CERT-FR ⋅ Development of the Activity of the TA505 Cybercriminal Group AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot |
2020-08-03 ⋅ Dridex – From Word to Domain Dominance Dridex |
2020-07-17 ⋅ CERT-FR ⋅ The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
2020-06-24 ⋅ Morphisec ⋅ Obfuscated VBScript Drops Zloader, Ursnif, Qakbot, Dridex Dridex ISFB QakBot Zloader |
2020-06-22 ⋅ CERT-FR ⋅ Évolution De Lactivité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot |
2020-06-19 ⋅ Reaqta ⋅ Dridex: the secret in a PostMessage() Dridex |
2020-06-05 ⋅ Votiro ⋅ Anatomy of a Well-Crafted UPS, FedEx, and DHL Phishing Email During COVID-19 Dridex |
2020-05-27 ⋅ GAIS-CERT ⋅ Dridex Banking Trojan Technical Analysis Report Dridex |
2020-05-25 ⋅ CERT-FR ⋅ Le Code Malveillant Dridex: Origines et Usages Dridex |
2020-05-25 ⋅ CERT-FR ⋅ INDICATEURS DE COMPROMISSION DU CERT-FR - Objet: Le code malveillant Dridex Dridex |
2020-05-21 ⋅ Intel 471 ⋅ A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot |
2020-03-30 ⋅ Intezer ⋅ Fantastic payloads and where we find them Dridex Emotet ISFB TrickBot |
2020-03-05 ⋅ Microsoft ⋅ Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor |
2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
2020-03-03 ⋅ PWC UK ⋅ Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom |
2020-02-18 ⋅ Sophos Labs ⋅ Nearly a quarter of malware now communicates using TLS Dridex IcedID TrickBot |
2020-01-31 ⋅ Virus Bulletin ⋅ Rich Headers: leveraging this mysterious artifact of the PE format Dridex Exaramel Industroyer Neutrino RCS Sathurbot |
2020 ⋅ Secureworks ⋅ GOLD DRAKE Dridex Empire Downloader FriedEx Koadic MimiKatz |
2020 ⋅ Secureworks ⋅ GOLD HERON DoppelPaymer Dridex Empire Downloader |
2019-12-19 ⋅ KrebsOnSecurity ⋅ Inside ‘Evil Corp,’ a $100M Cybercrime Menace Dridex Gameover P2P Zeus Evil Corp |
2019-12-05 ⋅ U.S. Department of the Treasury ⋅ Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware Dridex |
2019-09-09 ⋅ McAfee ⋅ Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study Cutwail Dridex Dyre Kovter Locky Phorpiex Simda |
2019-08-13 ⋅ Adalogics ⋅ The state of advanced code injections Dridex Emotet Tinba |
2019-07-12 ⋅ CrowdStrike ⋅ BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0 DoppelPaymer Dridex FriedEx |
2019-05-14 ⋅ GovCERT.ch ⋅ The Rise of Dridex and the Role of ESPs Dridex |
2018-12-18 ⋅ Trend Micro ⋅ URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader Dridex Emotet FriedEx ISFB |
2018-01-26 ⋅ ESET Research ⋅ FriedEx: BitPaymer ransomware the work of Dridex authors Dridex FriedEx |
2017-08-01 ⋅ Panda Security ⋅ Malware Report: Dridex Version 4 Dridex |
2017-07-25 ⋅ Github (viql) ⋅ Dridex Loot Dridex |
2017-07-18 ⋅ Elastic ⋅ Ten process injection techniques: A technical survey of common and trending process injection techniques Cryakl CyberGate Dridex FinFisher RAT Locky |
2017-02-28 ⋅ Security Intelligence ⋅ Dridex’s Cold War: Enter AtomBombing Dridex |
2017-01-26 ⋅ Flashpoint ⋅ Dridex Banking Trojan Returns, Leverages New UAC Bypass Method Dridex |
2016-02-16 ⋅ Symantec ⋅ Dridex: Tidal waves of spam pushing dangerous financial Trojan Dridex |
2015-11-10 ⋅ CERT.PL ⋅ Talking to Dridex (part 0) – inside the dropper Dridex |
2015-10-26 ⋅ Blueliv ⋅ Chasing cybercrime: network insights of Dyre and Dridex Trojan bankers Dridex Dyre |
2015-10-15 ⋅ BitSight ⋅ Dridex: Chasing a botnet from the inside Dridex |
2015-10-13 ⋅ Secureworks ⋅ Dridex (Bugat v5) Botnet Takeover Operation Dridex |