2017-06-05 - DRIDEX INFECTION

NOTICE:

ASSOCIATED FILES:

OTHER REPORTS ON TODAY'S DRIDEX ACTIVITY WITH MORE INDICATORS AT:

 

EMAILS


Shown above:  Spreadsheet on the 8 emails I collected.

 

MALWARE


Shown above:  As usual, the PDF attachment contains an embedded Word document with malicious macros.

 


Shown above:  Another shot of the PDF attachment from the second wave.

 


Shown above:  No picture or instructions this time.  Just a blank Word document with macros.

 

SHA256 HASHES FOR THE PDF ATTACHMENTS:

SHA256 HASHES FOR THE EMBEDDED WORD DOCUMENTS:

FILES RETRIEVED FROM INFECTED HOST:

 

TRAFFIC

URLS FROM THE WORD MACROS TO DOWNLOAD DRIDEX:

 

DRIDEX POST-INFECTION TRAFFIC:

 
