
2022-01-14 | RiskIQ | Jordan Herman
@online{herman:20220114:riskiq:f4f5b68,
  author       = {Herman, Jordan},
  title        = {{RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers}},
  date         = {2022-01-14},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/2cd1c003},
  language     = {English},
  urldate      = {2022-01-18},
}
RiskIQ: Unique SSL Certificates and JARM Hash Connected to Emotet and Dridex C2 Servers
Dridex Emotet
2021-12-20 | InQuest | Nick Chalard
@online{chalard:20211220:dont:0aad3db,
  author       = {Chalard, Nick},
  title        = {{(Don't) Bring Dridex Home for the Holidays}},
  date         = {2021-12-20},
  organization = {InQuest},
  url          = {https://inquest.net/blog/2021/12/20/dont-bring-dridex-home-holidays},
  language     = {English},
  urldate      = {2021-12-22},
}
(Don't) Bring Dridex Home for the Holidays
DoppelDridex Dridex
2021-12-20 | Bleeping Computer | Lawrence Abrams
@online{abrams:20211220:log4j:1a80230,
  author       = {Abrams, Lawrence},
  title        = {{Log4j vulnerability now used to install Dridex banking malware}},
  date         = {2021-12-20},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/log4j-vulnerability-now-used-to-install-dridex-banking-malware/},
  language     = {English},
  urldate      = {2021-12-21},
}
Log4j vulnerability now used to install Dridex banking malware
DoppelDridex Meterpreter
2021-11-21 | Cyber-Anubis | Nidal Fikri
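% The ampersand in "C&C" is escaped in the title field: a bare & in a
% typeset field is read by LaTeX as an alignment tab and aborts the build.
% The url field is left untouched.
@online{fikri:20211121:dridex:b9218fa,
  author       = {Fikri, Nidal},
  title        = {{Dridex Trojan | Defeating Anti-Analysis | Strings Decryption | C\&C Extraction}},
  date         = {2021-11-21},
  organization = {Cyber-Anubis},
  url          = {https://cyber-anubis.github.io/malware%20analysis/dridex/},
  language     = {English},
  urldate      = {2021-12-01},
}
Dridex Trojan | Defeating Anti-Analysis | Strings Decryption | C&C Extraction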
DoppelDridex Dridex
2021-10-28 | Proofpoint | Axel F, Selena Larson
@online{f:20211028:ta575:c1cfdd7,
  author       = {F, Axel and Larson, Selena},
  title        = {{TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware}},
  date         = {2021-10-28},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware},
  language     = {English},
  urldate      = {2021-11-03},
}
TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware
DoppelDridex
2021-10-26 | 0ffset Blog | Chuong Dong
@online{dong:20211026:dridex:e054dc4,
  author       = {Dong, Chuong},
  title        = {{DRIDEX: Analysing API Obfuscation Through VEH}},
  date         = {2021-10-26},
  organization = {0ffset Blog},
  url          = {https://www.0ffset.net/reverse-engineering/malware-analysis/dridex-veh-api-obfuscation/},
  language     = {English},
  urldate      = {2021-11-03},
}
DRIDEX: Analysing API Obfuscation Through VEH
DoppelDridex
2021-09-27 | Security Soup Blog | Ryan Campbell
@online{campbell:20210927:doppeldridex:daa5f69,
  author       = {Campbell, Ryan},
  title        = {{DoppelDridex Delivered via Slack and Discord}},
  date         = {2021-09-27},
  organization = {Security Soup Blog},
  url          = {https://security-soup.net/doppeldridex-delivered-via-slack-and-discord/},
  language     = {English},
  urldate      = {2021-09-29},
}
DoppelDridex Delivered via Slack and Discord
DoppelDridex
2021-09-10 | Fortinet | Xiaopeng Zhang
@online{zhang:20210910:new:25d8475,
  author       = {Zhang, Xiaopeng},
  title        = {{New Dridex Variant Being Spread By Crafted Excel Document}},
  date         = {2021-09-10},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/new-dridex-variant-being-spread-by-crafted-excel-document?&web_view=true},
  language     = {English},
  urldate      = {2021-09-12},
}
New Dridex Variant Being Spread By Crafted Excel Document
DoppelDridex
2021-08-19 | Blackberry | BlackBerry Research & Intelligence Team
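% Corporate author: the extra pair of braces keeps the team name as one
% indivisible name instead of being split into given names plus the surname
% "Team". The ampersand is escaped so LaTeX does not read it as an alignment tab.
@online{team:20210819:blackberry:2eec433,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware}},
  date         = {2021-08-19},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2021/08/blackberry-prevents-threat-actor-group-ta575-and-dridex-malware},
  language     = {English},
  urldate      = {2021-08-23},
}
BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware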
Cobalt Strike Dridex
2021-08-05 | Red Canary | Tony Lambert, Brian Donohue, Dan Cotton
@online{lambert:20210805:when:aeb7b10,
  author       = {Lambert, Tony and Donohue, Brian and Cotton, Dan},
  title        = {{When Dridex and Cobalt Strike give you Grief}},
  date         = {2021-08-05},
  organization = {Red Canary},
  url          = {https://redcanary.com/blog/grief-ransomware/},
  language     = {English},
  urldate      = {2021-09-10},
}
When Dridex and Cobalt Strike give you Grief
Cobalt Strike DoppelDridex DoppelPaymer
2021-07-02 | MalwareBookReports | muzi
@online{muzi:20210702:skip:09c3cd8,
  author       = {muzi},
  title        = {{Skip the Middleman: Dridex Document to Cobalt Strike}},
  date         = {2021-07-02},
  organization = {MalwareBookReports},
  url          = {https://malwarebookreports.com/cryptone-cobalt-strike/},
  language     = {English},
  urldate      = {2021-07-06},
}
Skip the Middleman: Dridex Document to Cobalt Strike
Cobalt Strike Dridex
2021-06-30 | Guardicore | Liad Mordekoviz, Ophir Harpaz
@online{mordekoviz:20210630:smb:93a9547,
  author       = {Mordekoviz, Liad and Harpaz, Ophir},
  title        = {{SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks}},
  date         = {2021-06-30},
  organization = {Guardicore},
  url          = {https://www.guardicore.com/labs/smb-worm-indexsinas/},
  language     = {English},
  urldate      = {2021-07-02},
}
SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks
2021-06-22 | Twitter (@Cryptolaemus1) | Cryptolaemus, Kirk Sayre, dao ming si
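% "dao ming si" appears to be an all-lowercase handle. Unbraced, BibTeX name
% parsing would treat "dao ming" as a von-part and "si" as the surname; the
% inner braces keep the handle as a single name for sorting and abbreviation.
@online{cryptolaemus:20210622:ta575:895ac37,
  author       = {Cryptolaemus and Sayre, Kirk and {dao ming si}},
  title        = {{Tweet on TA575, a Dridex affiliate delivering cobaltstrike (packed withe Cryptone) directly via the macro docs}},
  date         = {2021-06-22},
  organization = {Twitter (@Cryptolaemus1)},
  url          = {https://twitter.com/Cryptolaemus1/status/1407135648528711680},
  language     = {English},
  urldate      = {2021-06-22},
}
Tweet on TA575, a Dridex affiliate delivering cobaltstrike (packed withe Cryptone) directly via the macro docs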
Cobalt Strike Dridex
2021-06-03 | YouTube (FIRST) | Felipe Domingues, Gustavo Palazolo
@online{domingues:20210603:breaking:69967e5,
  author       = {Domingues, Felipe and Palazolo, Gustavo},
  title        = {{Breaking Dridex Malware}},
  date         = {2021-06-03},
  organization = {YouTube (FIRST)},
  url          = {https://www.youtube.com/watch?v=1VB15_HgUkg},
  language     = {English},
  urldate      = {2021-06-16},
}
Breaking Dridex Malware
Dridex
2021-04-15 | Twitter (@felixw3000) | Felix
@online{felix:20210415:dridexs:a39e123,
  author       = {Felix},
  title        = {{Tweet on Dridex's evasion technique}},
  date         = {2021-04-15},
  organization = {Twitter (@felixw3000)},
  url          = {https://twitter.com/felixw3000/status/1382614469713530883?s=20},
  language     = {English},
  urldate      = {2021-05-25},
}
Tweet on Dridex's evasion technique
Dridex
2021-04-06 | Lexfo | Lexfo
@online{lexfo:20210406:dridex:a3b6f4f,
  author       = {Lexfo},
  title        = {{Dridex Loader Analysis}},
  date         = {2021-04-06},
  organization = {Lexfo},
  url          = {https://blog.lexfo.fr/dridex-malware.html},
  language     = {English},
  urldate      = {2021-04-09},
}
Dridex Loader Analysis
Dridex
2021-03-29 | VMWare Carbon Black | Jason Zhang, Oleg Boyarchuk, Giovanni Vigna
@online{zhang:20210329:dridex:7692f65,
  author       = {Zhang, Jason and Boyarchuk, Oleg and Vigna, Giovanni},
  title        = {{Dridex Reloaded: Analysis of a New Dridex Campaign}},
  date         = {2021-03-29},
  organization = {VMWare Carbon Black},
  url          = {https://blogs.vmware.com/networkvirtualization/2021/03/analysis-of-a-new-dridex-campaign.html/},
  language     = {English},
  urldate      = {2021-04-09},
}
Dridex Reloaded: Analysis of a New Dridex Campaign
Dridex
2021-03-11 | IBM | Dave McMillen, Limor Kessem
@online{mcmillen:20210311:dridex:1140b01,
  author       = {McMillen, Dave and Kessem, Limor},
  title        = {{Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts}},
  date         = {2021-03-11},
  organization = {IBM},
  url          = {https://securityintelligence.com/dridex-campaign-propelled-by-cutwail-botnet-and-powershell/},
  language     = {English},
  urldate      = {2021-03-12},
}
Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts
Cutwail Dridex
2021-03-02 | Hispasec | Hispasec Sistemas
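% Corporate author: without the extra braces the company name is parsed as
% given name "Hispasec" and surname "Sistemas", which affects sorting and
% abbreviated styles. The citation key is kept unchanged.
@techreport{sistemas:20210302:campaa:7faa602,
  author      = {{Hispasec Sistemas}},
  title       = {{Campaña Fedex Banker}},
  date        = {2021-03-02},
  institution = {Hispasec},
  url         = {https://hispasec.com/resources/FedexBanker.pdf},
  language    = {Spanish},
  urldate     = {2021-06-29},
}
Campaña Fedex Banker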
FluBot
2021-02-24 | IBM | IBM SECURITY X-FORCE
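% Corporate author: the extra braces stop the organisation name from being
% split into given names "IBM SECURITY" and surname "X-FORCE".
@online{xforce:20210224:xforce:ac9a90e,
  author       = {{IBM SECURITY X-FORCE}},
  title        = {{X-Force Threat Intelligence Index 2021}},
  date         = {2021-02-24},
  organization = {IBM},
  url          = {https://ibm.ent.box.com/s/hs5pcayhbbhjvj8di5sqdpbbd88tsh89},
  language     = {English},
  urldate      = {2021-03-02},
}
X-Force Threat Intelligence Index 2021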
Emotet QakBot Ramnit REvil TrickBot