otx.alienvault.com (13.224.193.63) Public Scan

URL: https://otx.alienvault.com/pulse/613f6300579c7f3eb8e8e907?source=email_notification
Submission: On September 13 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Subscribers (157518)
NEW DRIDEX VARIANT BEING SPREAD BY CRAFTED EXCEL DOCUMENT

   
 * Created 1 hour ago by AlienVault
 * Public
 * TLP: White

Dridex is a Trojan, also known as Bugat or Cridex, that is capable of stealing
sensitive information from infected machines and of delivering and executing
malicious modules (DLLs). FortiGuard Labs recently captured new phishing email
campaigns in the wild that included a specially crafted Excel document
attachment. They did deep research on one of them and discovered that once the
malicious Excel document is opened on a victim's machine, it downloads a new
variant of Dridex.

Reference:
https://www.fortinet.com/blog/threat-research/new-dridex-variant-being-spread-by-crafted-excel-document
Tags:
Dridex, Malicious document, Phishing
Malware Family:
Dridex
ATT&CK IDs:
T1566 - Phishing, T1106 - Native API, T1218 - Signed Binary Proxy Execution,
T1053 - Scheduled Task/Job, T1102 - Web Service, T1049 - System Network
Connections Discovery, T1083 - File and Directory Discovery, T1140 -
Deobfuscate/Decode Files or Information, T1027 - Obfuscated Files or
Information, T1055 - Process Injection, T1204.002 - Malicious File, T1137.001 -
Office Template Macros

 * Indicators of Compromise (22)
 * Related Pulses (14)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

URL (10), FileHash-SHA256 (3), IPv4 (3), FileHash-SHA1 (3), FileHash-MD5 (3)

THREAT INFRASTRUCTURE

United Kingdom (1), Germany (1), Thailand (1)



© Copyright 2021 AlienVault, Inc.