2021-10-27 Dridex IOCs
THREAT ATTRIBUTION: DRIDEX
SENDER EMAILS
SUBJECTS
Purchase Order Receipt
Sales Receipt
MALDOC FILE HASHES
Payment_Receipt 7940.xls
34089caab8c83ebc79236ad931dc6816
Purchase_Order 8631.xls
34089caab8c83ebc79236ad931dc6816
PAYLOAD DOWNLOAD URLS
http://api.basicbiotech.com/po7cv1bb.tar
PAYLOAD FILE HASHES
Found in AppData\Local\Temp
cueogd
2c9bae00aa5f17d0b9cfd75fcf7e05b7
DRIDEX C2
https://143.244.140.214/
https://143.244.140.214:808/
https://185.56.219.47:8116/
https://192.46.210.220/
https://45.77.0.96:6891/
EMAIL BODY
Your sales receipt is attached. Your credit card on file has been charged.
Thank you for your business - we appreciate it very much. Sincerely,
-------------------------
Sales Receipt Summary
---------------------------
Sale # : 7940
Sale Date: 10/27/2021
Total: $3,903.00
The complete version has been provided as an attachment to this email.
----------------------------------------------------------------------
SUPPORTING EVIDENCE
https://urlhaus.abuse.ch/url/1719804/
https://www.virustotal.com/gui/file/5488c2e82d284b0588b58fe0286345ed2890f6b0926f85b71dd9daa0841cdc18/community