otx.alienvault.com
13.224.193.63
Public Scan
URL:
https://otx.alienvault.com/pulse/613f6300579c7f3eb8e8e907?source=email_notification
Submission: On September 13 via api from US — Scanned from DE
Form analysis: 0 forms found in the DOM
Text Content
NEW DRIDEX VARIANT BEING SPREAD BY CRAFTED EXCEL DOCUMENT
Created 1 hour ago by AlienVault | Public | TLP: White | Subscribers: 157518

Dridex is a Trojan, also known as Bugat or Cridex, that is capable of stealing sensitive information from infected machines and of delivering and executing malicious modules (DLLs). FortiGuard Labs recently captured new phishing email campaigns in the wild that included a specially crafted Excel document attachment. They did deep research on one of them and discovered that once the malicious Excel document is opened on a victim's machine, it downloads a new variant of Dridex.

Reference: https://www.fortinet.com/blog/threat-research/new-dridex-variant-being-spread-by-crafted-excel-document
Tags: Dridex, Malicious document, Phishing
Malware Family: Dridex
ATT&CK IDs: T1566 - Phishing, T1106 - Native API, T1218 - Signed Binary Proxy Execution, T1053 - Scheduled Task/Job, T1102 - Web Service, T1049 - System Network Connections Discovery, T1083 - File and Directory Discovery, T1140 - Deobfuscate/Decode Files or Information, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1204.002 - Malicious File, T1137.001 - Office Template Macros
Indicators of Compromise (22) | Related Pulses (14) | Comments (0) | History (0)
Types of indicators: URL (10), FileHash-SHA256 (3), IPv4 (3), FileHash-SHA1 (3), FileHash-MD5 (3)
Threat infrastructure: United Kingdom (1), Germany (1), Thailand (1)
Indicator table (type, indicator, role, title, added, active, related pulses): 22 entries, omitted here.

© Copyright 2021 AlienVault, Inc.