Dridex - Cyber Threat Intelligence
These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Dridex. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.
Live data and more analysis capabilities are available at https://vuldb.com/?actor.dridex
Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dridex:
There are 15 more country items available. Please use our online service to access the data.
IOC - Indicator of Compromise
These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Dridex.
ID | IP address | Hostname | Campaign | Confidence |
---|---|---|---|---|
1 | 1.234.20.244 | - | - | High |
2 | 1.234.21.73 | - | - | High |
3 | 1.235.193.138 | - | - | High |
4 | 2.58.16.87 | - | - | High |
5 | 2.80.178.251 | bl19-178-251.dsl.telepac.pt | - | High |
6 | 2.138.111.86 | 86.red-2-138-111.dynamicip.rima-tde.net | - | High |
7 | 3.6.11.148 | ec2-3-6-11-148.ap-south-1.compute.amazonaws.com | - | Medium |
8 | 3.223.115.185 | ec2-3-223-115-185.compute-1.amazonaws.com | - | Medium |
9 | 5.2.70.173 | - | - | High |
10 | 5.9.14.91 | es6-pr-no9.icpacs.eu | - | High |
11 | 5.9.44.37 | static.37.44.9.5.clients.your-server.de | - | High |
12 | 5.9.188.148 | mta5.offerteora.com | - | High |
13 | 5.39.99.208 | - | - | High |
14 | 5.39.222.84 | - | - | High |
15 | 5.39.222.87 | - | - | High |
16 | 5.39.222.102 | insideappple.com | - | High |
17 | 5.44.45.177 | miha922.ru | - | High |
18 | 5.45.179.186 | - | - | High |
19 | 5.79.75.41 | hosted-by.leaseweb.com | - | High |
20 | 5.83.45.48 | - | - | High |
21 | 5.100.228.233 | vps.hegeman.com | - | High |
22 | 5.135.167.231 | ks3321292.kimsufi.com | - | High |
23 | 5.135.182.4 | git.dev-sixtrone.com | - | High |
24 | 5.149.248.19 | bmc.srv18.swdc.ams1.nl.fortunix.net | - | High |
25 | 5.181.158.4 | no-rdns.mivocloud.com | - | High |
26 | 5.181.158.185 | eptgaconvic.arveanrackfli.nginpu185tcpy.cyclegakemtirebe.com | - | High |
27 | 5.181.158.186 | iveclot186hefry.salvecra.vedescribeoff.cyclegakemtirebe.com | - | High |
28 | 5.181.158.187 | thrivebeau.ywringimmateg.espen187dsca.cyclegakemtirebe.com | - | High |
29 | 5.189.144.136 | box.wellspring.ltd | - | High |
30 | 5.189.150.29 | vmi40990.contabo.host | - | High |
31 | 5.189.181.107 | vmi354699.contaboserver.net | - | High |
32 | 5.189.190.214 | vmi810936.contaboserver.net | - | High |
33 | 5.196.204.251 | front4.ziofix.net | - | High |
34 | 5.196.213.55 | nas.iris-it.fr | - | High |
35 | 5.199.162.48 | mail.nusipirkti.lt | - | High |
36 | 5.199.174.90 | shared111.mvps.eu | - | High |
37 | 8.4.9.152 | host-8-4-9-152.onlinehorizons.net | - | High |
38 | 8.210.53.215 | - | - | High |
39 | 8.248.159.254 | - | - | High |
40 | 8.249.217.254 | - | - | High |
41 | 8.249.223.254 | - | - | High |
42 | 8.249.233.254 | - | - | High |
43 | 8.253.45.214 | - | - | High |
44 | 8.253.45.249 | - | - | High |
45 | 8.253.131.120 | - | - | High |
46 | 8.253.131.121 | - | - | High |
47 | 8.253.132.120 | - | - | High |
48 | 8.253.156.121 | - | - | High |
49 | 12.52.64.10 | - | - | High |
50 | 13.32.240.71 | server-13-32-240-71.ams50.r.cloudfront.net | - | High |
51 | 13.224.102.99 | server-13-224-102-99.zrh50.r.cloudfront.net | - | High |
52 | 13.224.195.149 | server-13-224-195-149.fra2.r.cloudfront.net | - | High |
53 | 13.225.87.14 | server-13-225-87-14.fra2.r.cloudfront.net | - | High |
54 | 13.226.211.115 | server-13-226-211-115.lax50.r.cloudfront.net | - | High |
55 | 14.98.183.4 | static-4.183.98.14-tataidc.co.in | - | High |
56 | 18.195.23.231 | ec2-18-195-23-231.eu-central-1.compute.amazonaws.com | - | Medium |
57 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High |
58 | 23.3.13.153 | a23-3-13-153.deploy.static.akamaitechnologies.com | - | High |
59 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High |
60 | 23.3.13.155 | a23-3-13-155.deploy.static.akamaitechnologies.com | - | High |
61 | 23.3.13.160 | a23-3-13-160.deploy.static.akamaitechnologies.com | - | High |
62 | 23.21.48.44 | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium |
63 | 23.46.238.194 | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High |
64 | 23.46.239.17 | a23-46-239-17.deploy.static.akamaitechnologies.com | - | High |
65 | 23.46.239.18 | a23-46-239-18.deploy.static.akamaitechnologies.com | - | High |
66 | 23.148.145.208 | geo1n3.yourtekpro.com | - | High |
67 | 23.160.192.125 | unknown.ip-xfer.net | - | High |
68 | 23.199.71.136 | a23-199-71-136.deploy.static.akamaitechnologies.com | - | High |
69 | 23.199.71.147 | a23-199-71-147.deploy.static.akamaitechnologies.com | - | High |
70 | 23.199.71.169 | a23-199-71-169.deploy.static.akamaitechnologies.com | - | High |
71 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High |
72 | 23.199.71.208 | a23-199-71-208.deploy.static.akamaitechnologies.com | - | High |
73 | 23.227.202.174 | 23-227-202-174.static.hvvc.us | - | High |
74 | 23.227.203.228 | 23-227-203-228.static.hvvc.us | - | High |
75 | 23.227.203.229 | 23-227-203-229.static.hvvc.us | - | High |
76 | 23.246.204.126 | 7e.cc.f617.ip4.static.sl-reverse.com | - | High |
77 | 23.253.208.162 | - | - | High |
78 | 23.254.211.213 | client-23-254-211-213.hostwindsdns.com | - | High |
79 | 23.254.215.238 | hwsrv-900801.hostwindsdns.com | - | High |
80 | 23.254.217.168 | client-23-254-217-168.hostwindsdns.com | - | High |
81 | 23.254.247.5 | hwsrv-936430.hostwindsdns.com | - | High |
82 | 23.254.247.55 | client-23-254-247-55.hostwindsdns.com | - | High |
83 | 24.40.243.66 | 24-40-243-66.fidnet.com | - | High |
84 | 24.229.3.146 | - | - | High |
85 | 27.60.164.164 | - | - | High |
86 | 31.14.41.212 | a856-motor.variouloco.com | - | High |
87 | 31.14.41.213 | gain-compress.variouloco.com | - | High |
88 | 31.14.41.214 | a277-exist.variouloco.com | - | High |
89 | 31.14.41.215 | dubaibuildings.com | - | High |
90 | 31.24.30.65 | - | - | High |
91 | 31.24.158.56 | bm.servidoresdedicados.com | - | High |
92 | 31.41.45.197 | andrewhrenov.example.com | - | High |
93 | 31.42.177.51 | antiques.managerpray.uk | - | High |
94 | 31.42.177.52 | touch.managerpray.uk | - | High |
95 | 31.220.49.39 | - | - | High |
96 | 37.1.208.21 | - | - | High |
97 | 37.1.215.144 | - | - | High |
98 | 37.34.58.210 | 37-34-58-210.colo.transip.net | - | High |
99 | 37.49.230.49 | - | - | High |
100 | 37.59.52.64 | ns3265174.ip-37-59-52.eu | - | High |
101 | 37.59.74.180 | - | - | High |
102 | 37.59.103.148 | 148.ip-37-59-103.eu | - | High |
103 | 37.120.222.56 | - | - | High |
104 | 37.120.239.185 | - | - | High |
105 | 37.187.114.15 | ns328458.ip-37-187-114.eu | - | High |
106 | 37.187.115.122 | ns328855.ip-37-187-115.eu | - | High |
107 | 37.205.9.252 | s1.ithelp24.eu | - | High |
108 | 37.247.35.130 | earthquake.kenic.nl | - | High |
109 | 37.247.35.132 | ns2.djhost.nl | - | High |
110 | 37.247.35.137 | klanten.kenic.nl | - | High |
111 | 40.122.160.14 | - | - | High |
112 | 41.76.108.46 | - | - | High |
113 | 42.112.35.46 | - | - | High |
114 | 43.229.206.212 | 212.subnet43-229-206.static.inet.net.id | - | High |
115 | 43.229.206.214 | 214.subnet43-229-206.static.inet.net.id | - | High |
116 | 43.229.206.244 | 244.subnet43-229-206.static.inet.net.id | - | High |
117 | 45.32.243.209 | 45.32.243.209.vultrusercontent.com | - | High |
118 | 45.33.20.41 | 45-33-20-41.ip.linodeusercontent.com | - | High |
119 | 45.33.33.91 | 45-33-33-91.ip.linodeusercontent.com | - | High |
120 | 45.33.94.33 | 45-33-94-33.ip.linodeusercontent.com | - | High |
121 | 45.55.134.126 | - | - | High |
122 | 45.55.154.235 | - | - | High |
123 | 45.55.180.84 | - | - | High |
124 | 45.56.121.87 | 45-56-121-87.ip.linodeusercontent.com | - | High |
125 | 45.58.56.12 | - | - | High |
126 | 45.63.36.79 | 45.63.36.79.vultrusercontent.com | - | High |
127 | 45.73.148.28 | - | - | High |
128 | 45.76.176.10 | 45.76.176.10.vultrusercontent.com | - | High |
129 | 45.77.0.96 | 45.77.0.96.vultrusercontent.com | - | High |
130 | 45.79.8.25 | li1107-25.members.linode.com | - | High |
131 | 45.79.33.48 | li1132-48.members.linode.com | - | High |
132 | 45.79.80.198 | 45-79-80-198.ip.linodeusercontent.com | - | High |
133 | 45.79.91.89 | li1190-89.members.linode.com | - | High |
134 | 45.79.248.254 | 45-79-248-254.ip.linodeusercontent.com | - | High |
135 | 45.80.173.80 | host80-173-80-45.convergenze.it | - | High |
136 | 45.122.223.13 | mx22313.vhost.vn | - | High |
137 | 45.123.40.54 | - | - | High |
138 | 45.129.96.9 | 647972-vds-gavenkoa.gmhost.pp.ua | - | High |
139 | 45.153.241.113 | - | - | High |
140 | 45.177.120.36 | mail.netlimit.net.br | - | High |
141 | 45.184.36.10 | - | - | High |
142 | 46.4.83.131 | websrv.inforlandia.pt | - | High |
143 | 46.4.232.200 | static.200.232.4.46.clients.your-server.de | - | High |
144 | 46.36.217.227 | - | - | High |
145 | 46.41.130.218 | - | - | High |
146 | 46.55.222.10 | - | - | High |
147 | 46.101.90.205 | - | - | High |
148 | 46.101.98.60 | - | - | High |
149 | 46.101.142.214 | - | - | High |
150 | 46.101.175.170 | - | - | High |
151 | 46.101.182.168 | - | - | High |
152 | 46.101.216.218 | - | - | High |
153 | 46.105.131.65 | - | - | High |
154 | 46.105.131.73 | dns2.adven.fr | - | High |
155 | 46.105.131.78 | mysql.adven.fr | - | High |
156 | 46.231.204.10 | anb.dnh.net | - | High |
157 | 50.21.183.143 | mail.coopvr.com | - | High |
158 | 50.28.35.36 | lprod03.ilsols.com | - | High |
159 | 50.116.27.97 | 50-116-27-97.ip.linodeusercontent.com | - | High |
160 | 50.116.54.215 | 50-116-54-215.ip.linodeusercontent.com | - | High |
161 | 50.116.62.25 | inserthero2.inserthero.com | - | High |
162 | 50.116.109.66 | van.vanrise.com | - | High |
163 | 50.116.111.64 | car.careerraiser.com | - | High |
164 | 50.243.30.51 | 50-243-30-51-static.hfc.comcastbusiness.net | - | High |
165 | 50.249.212.98 | 50-249-212-98-static.hfc.comcastbusiness.net | - | High |
166 | 51.15.176.55 | stockage.chapaux.cloud | - | High |
167 | 51.38.124.206 | 206.ip-51-38-124.eu | - | High |
168 | 51.68.138.110 | 110.ip-51-68-138.eu | - | High |
169 | 51.75.24.85 | 85.ip-51-75-24.eu | - | High |
170 | 51.75.77.27 | vps-4ba9229f.vps.ovh.net | - | High |
171 | 51.75.162.188 | vps-9a7ec249.vps.ovh.net | - | High |
172 | 51.77.82.110 | web001.xwebsrv.de | - | High |
173 | 51.79.50.122 | adriana.mentyx.com | - | High |
174 | 51.79.166.3 | vps-66c10039.vps.ovh.ca | - | High |
175 | 51.81.254.89 | - | - | High |
176 | 51.83.3.52 | shde-2c579.serverlet.com | - | High |
177 | 51.83.47.27 | vps-769ce14c.vps.ovh.net | - | High |
178 | 51.91.76.89 | 89.ip-51-91-76.eu | - | High |
179 | 51.91.156.39 | 39.ip-51-91-156.eu | - | High |
180 | 51.159.52.196 | 51-159-52-196.rev.poneytelecom.eu | - | High |
181 | 51.178.161.32 | srv-web.ffconsulting.com | - | High |
182 | 51.254.95.252 | ip252.ip-51-254-95.eu | - | High |
183 | 51.254.140.238 | 238.ip-51-254-140.eu | - | High |
184 | 51.255.165.160 | 160.ip-51-255-165.eu | - | High |
185 | 52.73.70.149 | ec2-52-73-70-149.compute-1.amazonaws.com | - | Medium |
186 | 52.114.132.73 | - | - | High |
187 | 52.222.136.27 | server-52-222-136-27.ams50.r.cloudfront.net | - | High |
188 | 52.222.136.102 | server-52-222-136-102.ams50.r.cloudfront.net | - | High |
189 | 52.222.136.174 | server-52-222-136-174.ams50.r.cloudfront.net | - | High |
190 | ... | ... | ... | ... |
There are 757 more IOC items available. Please use our online service to access the data.
TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Dridex. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence |
---|---|---|---|---|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High |
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
3 | T1055 | CWE-74 | Injection | High |
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
6 | ... | ... | ... | ... |
There are 19 more TTP items available. Please use our online service to access the data.
IOA - Indicator of Attack
These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dridex. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence |
---|---|---|---|
1 | File | /?p=products | Medium |
2 | File | /admin.php/accessory/filesdel.html | High |
3 | File | /admin/?page=user/manage | High |
4 | File | /admin/add-new.php | High |
5 | File | /admin/doctors.php | High |
6 | File | /admin/submit-articles | High |
7 | File | /alphaware/summary.php | High |
8 | File | /api/ | Low |
9 | File | /api/admin/store/product/list | High |
10 | File | /api/stl/actions/search | High |
11 | File | /api/sys_username_passwd.cmd | High |
12 | File | /api/v2/cli/commands | High |
13 | File | /apply.cgi | Medium |
14 | File | /attachments | Medium |
15 | File | /bin/ate | Medium |
16 | File | /boat/login.php | High |
17 | File | /booking/show_bookings/ | High |
18 | File | /bsms_ci/index.php/book | High |
19 | File | /cgi-bin | Medium |
20 | File | /cgi-bin/supervisor/PwdGrp.cgi | High |
21 | File | /cgi-bin/wlogin.cgi | High |
22 | File | /context/%2e/WEB-INF/web.xml | High |
23 | File | /debug/pprof | Medium |
24 | File | /env | Low |
25 | File | /etc/hosts | Medium |
26 | File | /eval/admin/manage_class.php | High |
27 | File | /forum/away.php | High |
28 | File | /medicines/profile.php | High |
29 | File | /modules/caddyhttp/rewrite/rewrite.go | High |
30 | File | /php-sms/admin/?page=user/manage_user | High |
31 | File | /proxy | Low |
32 | File | /reservation/add_message.php | High |
33 | File | /spip.php | Medium |
34 | File | /tmp | Low |
35 | File | /user/updatePwd | High |
36 | File | /vendor/htmlawed/htmlawed/htmLawedTest.php | High |
37 | File | /video-sharing-script/watch-video.php | High |
38 | ... | ... | ... |
There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
References
The following list contains external sources which discuss the actor and the associated activities:
- https://bazaar.abuse.ch/sample/0a1e917be7ffa997f003bf18267e8e5c2bc986111b84dae89afb834747e86f8a/
- https://bazaar.abuse.ch/sample/0af19354eb543e39ac5f595ecd41d79ded7e87c5d4371dccbe488257108fdb81/
- https://bazaar.abuse.ch/sample/0c14e5c758ad428056a2007eb537c4f389ee9f0794b40c07c2b82229d3584298/
- https://bazaar.abuse.ch/sample/0ccc1ea2dc07c5d01ffbcdf63a94f5bf52fac32ab3d9075204cd07b2d0455126/
- https://bazaar.abuse.ch/sample/0186ed5e1eeb88d98e6d8686e0ed26ed76f8dec80ef3fd1bf3f366aac87f44b2/
- https://bazaar.abuse.ch/sample/03b842f01c0fcffe65528c0cda2b41426a01f1e005da63bdae4ce96aa0469a76/
- https://bazaar.abuse.ch/sample/03e67145339e945177a8340a54e2d4a63f1784c78b3e7e0074f2a1486bab9f25/
- https://bazaar.abuse.ch/sample/03320c0e48e17229f28f912c23976da02fe9d683c6bcdda2eebcd9d6dab0971e/
- https://bazaar.abuse.ch/sample/0376f97c21d2f00bc9c0919ce108ef14a2b3b1b356b2caa502a6cae81c7798f2/
- https://bazaar.abuse.ch/sample/095f83e97512fea78239a6bd94ae41a679b5de1c5c1cee61c053d691f9e7eee2/
- https://bazaar.abuse.ch/sample/1b8bca9df2ce17770075563a17faa0aa0906c1a89ca127738acf7f0bd9530664/
- https://bazaar.abuse.ch/sample/1c7221d77aa0958f77bc4796b0b1c09f4c781e877ee18a3c9627c440ef72233d/
- https://bazaar.abuse.ch/sample/1d778359ab155cb190b9f2a7086c3bcb4082aa195ff8f754dae2d665fd20aa05/
- https://bazaar.abuse.ch/sample/2a1b3b5edfee83cc8ef6af4ac8e286de27d59eccfce7744b66edcdc5d3fd585c/
- https://bazaar.abuse.ch/sample/2fef01ec46bc56992c5719d335add15e15b3329790b943f52df9c340a1b6b369/
- https://bazaar.abuse.ch/sample/4c92ddcbfc260c83541b452e0a807d7012819981adb82c14e9737ade7802e286/
- https://bazaar.abuse.ch/sample/4de87302bc33a613b54efca735080ec1705f35accf03e9d6a7a92b417024369b/
- https://bazaar.abuse.ch/sample/4e2d4a2facd8b4ce451fadb79d36772c66034e0848a7619d32b62a7114d97bbe/
- https://bazaar.abuse.ch/sample/4fccd38f504290cf5c70e7336071a90a064303c7fdf5c17f7c38001768bce115/
- https://bazaar.abuse.ch/sample/6dd691de8fde45048114ef90b481ca7160fe39ab182e727b073f3fda3e2f3259/
- https://bazaar.abuse.ch/sample/6df3e9aef37c9d227428dc5d745fb5ef79120ad0439120e68b00b0b4daa63da6/
- https://bazaar.abuse.ch/sample/6ea2ac1b53a24f7163d9e5dcd85c446eeb0ab28d29ca946c11acdf0393ebcde5/
- https://bazaar.abuse.ch/sample/7b38b9c14389d7c57591a3aa4ae8a8f847ff7314f40e9cd2987ee5d4d22e84e9/
- https://bazaar.abuse.ch/sample/8d00cb0248e3933ec12d2e303c058d0dd83eea88fc9191c4ad6a9afaeeb092dd/
- https://bazaar.abuse.ch/sample/8fe046c2fb961ded114076c5dfcbd8459a82baad6fbad34c04a08b920ee6290a/
- https://bazaar.abuse.ch/sample/9e5b2c5dbdaaebb8571121e82cefaa015ab39c25360035eea4ddd3a44695c34b/
- https://bazaar.abuse.ch/sample/9e7156a3ee3d864ea24daa5db9c90bc9505e034ed45dab8115490fda05c113d9/
- https://bazaar.abuse.ch/sample/13c5b33339522f8f96d091708e7a8a64b0939daa6225732352fbe44cb2950e67/
- https://bazaar.abuse.ch/sample/19cbabae648cfba0c00da360fbbd3bd9e5e94833cfe96d9eae8ba8f664097da1/
- https://bazaar.abuse.ch/sample/27b6c3c4715196458a2a348b8267fdb92ef46e19064e0c30d5aaa97a82b3ca63/
- https://bazaar.abuse.ch/sample/32d52214cf5e988fcea03d7edc9f775b22da0a886c75f37ceebd9a0b054a1391/
- https://bazaar.abuse.ch/sample/33b91e977a00e51d468fa76278f66735cf0c250d0f0f5e6936f78b0b65a40b29/
- https://bazaar.abuse.ch/sample/34fa8c8e97d69ecd42569b994e1933b451976958e0fb8174d6ca6483c2aef070/
- https://bazaar.abuse.ch/sample/39c47b42df4d66fe9b9e4cb03f486a6a8a11770010dd6537c55d2899b2e2021a/
- https://bazaar.abuse.ch/sample/40b96cf1d718a7f4d1e4f9b2d60b9587deac947ca62e2395b7ede5a746e18dae/
- https://bazaar.abuse.ch/sample/40bec49fd0d5749a0e5d2326090ddda77230606b9f126b3f76b5475e0df132db/
- https://bazaar.abuse.ch/sample/42c76a91495daed3287bb01d657c022825cc396a690cccdd709369221726acfd/
- https://bazaar.abuse.ch/sample/42fa7812c5bf7c9cc67c255e753e028e1a4f52f1c5f7a680409f6db37382258c/
- https://bazaar.abuse.ch/sample/43ef2ed6c4ee2e7bdc2d73dcaa282ab908f8021636c47a0b8be83b6a135029f6/
- https://bazaar.abuse.ch/sample/49b240bca4cd10a3fa1537f926fdaca286a42dadf8b1b97c4f7da5fb19f0edc2/
- https://bazaar.abuse.ch/sample/53ce752aa18d36320fc8a1c0fa6993dc866416bccc613a4fef80f2427d224824/
- https://bazaar.abuse.ch/sample/63abc500d2a9f12692276d1cd2becc0ce16719ab69a69ea9827bd411f12b4291/
- https://bazaar.abuse.ch/sample/75af70e23da2b599da4494660650ed0cf042caacd80749f3015b4cb323b57b8f/
- https://bazaar.abuse.ch/sample/81ef9551c56bd71d298df6c1fb1852e1370ca47e48727c65479b631091992119/
- https://bazaar.abuse.ch/sample/96ecd091b6b12ad0966904231bc429c459f9858b5693b9fa1a2f96805b405a16/
- https://bazaar.abuse.ch/sample/111b6f11369a55f2fd33d7d87f8340d276513ff01a096610bfc3941b9637004f/
- https://bazaar.abuse.ch/sample/137a3b1d2ae58f70052f259434e04a9cbf8d10e54533ef3f9359c03fc4ccb56f/
- https://bazaar.abuse.ch/sample/305dd29a31e93aa15f0957262ac215d0e9f7b1db52d08633b036c65df670bc6e/
- https://bazaar.abuse.ch/sample/581ee1b37d2931e58dc238a7e9a4b0f2baa42c31c1dfd847b7983ab5c75dd732/
- https://bazaar.abuse.ch/sample/594bb2ed8db58f342ea2a9a6cd9f87b102b78538e2e45757a6fa0c83b37b4b38/
- https://bazaar.abuse.ch/sample/644a49eba6bfb78a69f38503558548790aea76c4218a4c13d104d2f85a78d59c/
- https://bazaar.abuse.ch/sample/851c23c1e7511cae9134da4086116a84a8c28405a0ba05f1a9654a518e2cd64d/
- https://bazaar.abuse.ch/sample/908f65a11475183af23d5295a67212a600490fb45c925f052dc6ffecff8d39e6/
- https://bazaar.abuse.ch/sample/945de16b7780b22c96087724a576577b397716a1731dc2e540bce2f21f07c175/
- https://bazaar.abuse.ch/sample/968cb247819512b9dec68ae6c1ad475e562f412fd74917652f50f934749b7de1/
- https://bazaar.abuse.ch/sample/1811c903465ee50c48b4c268cc55731bff21ffb25ed11e238f87aae8a2df6824/
- https://bazaar.abuse.ch/sample/5434a061b9d434051c8c7417b0d6c500937e1818c0a7ae76a16c77f5b90c7dee/
- https://bazaar.abuse.ch/sample/5933ccf82bd952e5b576a91833105cba0074d6992344f423cb984c89b03cc055/
- https://bazaar.abuse.ch/sample/6096bc655163c70c043779aaa2b38c245eb21e4968ef5c293985e983a32e1541/
- https://bazaar.abuse.ch/sample/6878b5e139b743a2a6c9cc23c3837d4e935cdf8d4283a33c56358b9408c6960a/
- https://bazaar.abuse.ch/sample/11090f4036f624159e33416ad929c54a5a8081a7cc071702d1e61cc121c37e59/
- https://bazaar.abuse.ch/sample/84335aac46b5b746dbcace6e04e4d3af2e7f7bda72da361a6777091ad9dfc09f/
- https://bazaar.abuse.ch/sample/5921361d5de06736873ff6f05b8f21a8af2a9ad8081f021ce33953f4a7f9e418/
- https://bazaar.abuse.ch/sample/6232728af29302ef0a4675b3c5a255b5e9ee800c221823ecb4d4cab8cc0f7edb/
- https://bazaar.abuse.ch/sample/6362084f61fa6a41b8b01b7c62215ad41a2623b69572ce558c33bffaa21f0af9/
- https://bazaar.abuse.ch/sample/85179261d96dc79f1f6521f62b75437f522500107184d2bfe060756cbebe2d66/
- https://bazaar.abuse.ch/sample/224377231dd24c7ae4b4e6ccbecfde5bb420b8c417d55f47214160fdbfaee130/
- https://bazaar.abuse.ch/sample/255995667a9a05831875a40be90deb7249afc94628b9a1676d9c4b859968b3f9/
- https://bazaar.abuse.ch/sample/437275776c30ea1da5305f31a1d9a07567b2df3c6f41229782afdcf46343cbed/
- https://bazaar.abuse.ch/sample/741087126c1c7edec3d0a3bc3f490723a4f410e9a278444c812e7f79013bb996/
- https://bazaar.abuse.ch/sample/4902830374b401c3a75fe1567c3e9a7a3efbdb2da587f0d97d3fd3fe17e50c80/
- https://bazaar.abuse.ch/sample/402248568342650b6599bc65a78247c24c4e81a435c374f2f5260c524a4b8581/
- https://bazaar.abuse.ch/sample/a5fc669f505c4e801fbe0859af1db44e55462bc59d78d5d6c90b7d3a78701728/
- https://bazaar.abuse.ch/sample/a16fce2955ac93ba1e3b7fff5755b943601260d5574d1165e8592f3a2caf109a/
- https://bazaar.abuse.ch/sample/a44becb6f8b4f8ebe74fbcd27c2da5e05af9eed2cacc281ba7412757a9041d83/
- https://bazaar.abuse.ch/sample/a62adbb90784d770dbeb78ff1824d644f9649ca4cb3410946f6a7a66d71c2697/
- https://bazaar.abuse.ch/sample/a63d5af0c6d5817dd92a3efad5233a75704268b37194f4a36765af2d753dbf6e/
- https://bazaar.abuse.ch/sample/a463f9a8842a5c947abaa2bff1b621835ff35f65f9d3272bf1fa5197df9f07d0/
- https://bazaar.abuse.ch/sample/a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663/
- https://bazaar.abuse.ch/sample/aa273a0d181ce95a4c27507000f9d961b975fc66ec321038a1c79e7fcc3bec8e/
- https://bazaar.abuse.ch/sample/aadb5217c4c9316b90ce4eb5f2b52f72d34d426d66ce00c9addaef1654853acf/
- https://bazaar.abuse.ch/sample/acbcd5ce1579a43148eee9b867f035cd0bc16f237a4790322467a0dac23ce7c6/
- https://bazaar.abuse.ch/sample/adbfe3ab87bdb320c3ef08a99550da2b188dfabe822b90519806e5f399732b69/
- https://bazaar.abuse.ch/sample/af158f524186d5bb8f0cd61679c2c0b7a874261ae23251c45b0054789e60156e/
- https://bazaar.abuse.ch/sample/b0e818d387d5216d3c549b5963d8325f743f9a61a11c77f6f26836a0b28a1815/
- https://bazaar.abuse.ch/sample/b2bad32850acffb04cbe49e905316b242b97f3e4d143a603faa9d7e76ced677c/
- https://bazaar.abuse.ch/sample/b3e3c4008841cbaaa9a0c26b143f7a7ea1a9b6ec5bd66486a1ce694fba603750/
- https://bazaar.abuse.ch/sample/b4fec3ea96a5ee3857c55982bf35cb4f359b3d6e67b3c442e449aaeda97374d2/
- https://bazaar.abuse.ch/sample/b5c6166788cfb3c57723ec0d2c9d95c1c52b8115044574a181cea21fe5deaee4/
- https://bazaar.abuse.ch/sample/b9bb671587f2dad8a3df83d6bd0b7b8327edf93fadbefe8b6aa7eabe6698ae88/
- https://bazaar.abuse.ch/sample/b25e2a9b4e658c038dacab83460dfaa656623cbec82b4e276cc7e3722f71089d/
- https://bazaar.abuse.ch/sample/b40a11dcea513d7f8119735975a133c896592a804f003074e735015e35f43468/
- https://bazaar.abuse.ch/sample/b61f624589d5ad3584e09f3174f8e3e1ac38958f260eee526b0abaf7389d7932/
- https://bazaar.abuse.ch/sample/b608e81d6c6a42e1c2f39b484697362ca1a1835b3a13ed878a350841aa9806ae/
- https://bazaar.abuse.ch/sample/b9355d4ca0b24bfcf7d9ce77e037c67e37005502b6e069d001962fafeda98e30/
- https://bazaar.abuse.ch/sample/b454160369a30dde38ca7df6193d2d459b29ff01f601aa86cb16dcb30f1e4e9d/
- https://bazaar.abuse.ch/sample/bd25be3dd306241eed548a129d213b34bd2c864d3c66dfa5ac57dc73023608ce/
- https://bazaar.abuse.ch/sample/c01cf4c72282024ad54859adf661e4a9484e63af4ef0e7f53132afeb8b9672e4/
- https://bazaar.abuse.ch/sample/c2feca835d3ef43bf5f97c6b32b59e63c39cc169fad1fb88174894b74708ff05/
- https://bazaar.abuse.ch/sample/c3f09c266461ecb0546e660caafbd91e4d05f58d8bc7291ee718e55b2767dcce/
- https://bazaar.abuse.ch/sample/c52da0b6dc88890a5897ab60295a1ab3c82417b461f9ddce2573cf9cd8336229/
- https://bazaar.abuse.ch/sample/c6772905c4d1c6509a898d76957a9561d97509f72f6c91bdfe0a183464e86a8d/
- https://bazaar.abuse.ch/sample/cae068c4c59a4082133d44bdc9db33444b759f8f465a24b37b84670243bd5104/
- https://bazaar.abuse.ch/sample/cd32a737fcba8198d43fed5a68348f983f7713f79574a710deb7759e5a1301eb/
- https://bazaar.abuse.ch/sample/ceec0ff35d3b1f525c0e4c6bc25e6758a59c8d3133e2f1c6089debc7985c27c8/
- https://bazaar.abuse.ch/sample/d3272e0e7a5ea32d4276901bcf10767f4293dd067d70393b305966e17f9e4ac9/
- https://bazaar.abuse.ch/sample/d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77/
- https://bazaar.abuse.ch/sample/dc36f3eb6ee3a577f9feff86f8c6050b6d655d23c04bed124221fe67702e7165/
- https://bazaar.abuse.ch/sample/dd31f209d69ff7e0580253cd7c5978b1d619f696f915a98de72c84446da8393a/
- https://bazaar.abuse.ch/sample/ddb6ba574987bb5c09e49ccf8446d63b192b04297a902081a32e57cd86cf5000/
- https://bazaar.abuse.ch/sample/e3a711b39c8ea5767f4614db604149f00e15961e67290b72b5a4ffb568e5038c/
- https://bazaar.abuse.ch/sample/e25c4b955d14c772aac25d93ed66a343e7e64598da01d33fb683799dee69fad1/
- https://bazaar.abuse.ch/sample/e203ff7d35dd31b84a42961aaf43f7887980469247822c4acb0cfc53be5274ff/
- https://bazaar.abuse.ch/sample/e559d8d2e789cac8391fc3286b0c80efe0fc9a3bfaac15b124e7520ed0f0a02e/
- https://bazaar.abuse.ch/sample/e652e4656e036887ef4b145b2eb9bfd92e908889302e42a9ca74e66ed1ac64a7/
- https://bazaar.abuse.ch/sample/e8291c194029eedc2117c099b3089a252dfb940160530409df4b9ea85efc9033/
- https://bazaar.abuse.ch/sample/ead4628c8fa616f6d9c54cfd4351942693ca978fc273b34917c4055b1418f538/
- https://bazaar.abuse.ch/sample/eb038969c60d9ec7d12285601f108484afaf40d78c495d86d1c24292e99776d9/
- https://bazaar.abuse.ch/sample/edd5c9a776ab5864b62e9ee140d3474ee2fe4c46de591aa3a25bbd133a9f9fe8/
- https://bazaar.abuse.ch/sample/eebfb3d0367d2dad5db7477869bab47f183cbd7a58a48c0592c8e9aa5b38861f/
- https://bazaar.abuse.ch/sample/ef094c3df368b8cedb98e6047190f2bcefa309c136a8e6d5ef858ded6c82eaca/
- https://bazaar.abuse.ch/sample/f1d21cd76db645acbeab2c52be8411b3b29b892a905263d7fc3991dabeadea93/
- https://bazaar.abuse.ch/sample/f4d2673bd6c42c2d33f83ea67949b6a63fe423fd8225600ca9f163e0808b56c2/
- https://bazaar.abuse.ch/sample/f62e65a5b9edfeef3217d3e131f8eb63aac24cfdc325f50a4bcdcbb18236196a/
- https://bazaar.abuse.ch/sample/f418e50acd39dd9daf5a6f7ef7e18be397ee1850854333c6865d3ea0b6030111/
- https://bazaar.abuse.ch/sample/fa88b6a5ab9879364ce214e6356052acbabe535c47be3c066f9c3c952af83bbe/
- https://bazaar.abuse.ch/sample/fcd0abafdfecfaaed8d21ea0e8724600d0d76296bc2b31933cfc60041d710baf/
- https://bazaar.abuse.ch/sample/fdf50dbb288d2bd4a325783e72c1e5c598c87ed11725131f14f449dd6cc22cb1/
- https://bazaar.abuse.ch/sample/ffd6ae5e716b2cade6d3365fb9440a5a67f37d3c249d78bdea9e5ef3d39ce52c/
- https://blog.talosintelligence.com/2015/04/threat-spotlight-spam-served-with-side.html
- https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html
- https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
- https://blog.talosintelligence.com/2020/05/threat-roundup-0424-0501.html
- https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html
- https://blog.talosintelligence.com/2020/07/threat-roundup-0710-0717.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html
- https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html
- https://blog.talosintelligence.com/2020/10/threat-roundup-1016-1023.html
- https://blog.talosintelligence.com/2020/10/threat-roundup-1023-1030.html
- https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html
- https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html
- https://blog.talosintelligence.com/2020/12/threat-roundup-1211-1218.html
- https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html
- https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html
- https://blog.talosintelligence.com/2021/03/threat-roundup-0319-0326.html
- https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html
- https://blog.talosintelligence.com/2021/04/threat-roundup-0423-0430.html
- https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html
- https://blog.talosintelligence.com/2021/05/threat-roundup-0521-0528.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html
- https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html
- https://blog.talosintelligence.com/2021/07/threat-roundup-for-july-9-to-july-16.html
- https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
- https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
- https://blog.talosintelligence.com/2021/09/threat-roundup-0903-0910.html
- https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html
- https://blog.talosintelligence.com/threat-roundup-0630-0707-2/
- https://community.blueliv.com/#!/s/602da0fd82df413ea934be3b
- https://feodotracker.abuse.ch/downloads/ipblocklist.csv
- https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/
- https://github.com/blackberry/threat-research-and-intelligence/blob/main/TA575-Dridex.csv
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-13%20Dridex%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-10-27%20Dridex%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-22%20Dridex%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-24%20Dridex%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-12-06%20Dridex2%20IOCs
6297513d67/Dridex_banking_trojan.xlsx
- https://isc.sans.edu/forums/diary/Dridex+malspam+seen+on+Monday+20170410/22280/
- https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/
- https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+docs+pushing+Dridex/25042/
- https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/
- https://mobile.twitter.com/pmmkowalczyk/status/1370422937426219014
- https://pastebin.com/0XNMhLP2
- https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/
- https://threatfox.abuse.ch
- https://tria.ge/211025-t3qmhsgdd3
- https://tria.ge/211213-va7k1afabq
- https://twitter.com/1ZRR4H/status/1473405358462930944
- https://twitter.com/JAMESWT_MHT/status/1338738853256065025
- https://us-cert.cisa.gov/ncas/alerts/aa19-339a
- https://vxug.fakedoma.in/archive/APTs/2021/2021.01.04(2)/Dridex.pdf
Literature
The following articles explain our unique predictive cyber threat intelligence:
- VulDB Cyber Threat Intelligence Documentation
- Cyber Threat Intelligence - Early Anticipation of Attacks
License
(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!