2020-05-12 - PCAP AND MALWARE FOR AN ISC DIARY (DRIDEX)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

NOTES:

• The associated ISC diary is Malspam with links to zip archives pushes Dridex malware

 

ASSOCIATED FILES:

• 2020-05-12-Dridex-from-link-based-malspam-IOCs.txt.zip   3.7 kB (3,716 bytes)

• 2020-05-12-Dridex-from-link-based-malspam-IOCs.txt   (8,571 bytes)

• 2020-05-12-link-based-Dridex-malspam-14-examples.zip   37.8 kB (37,756 bytes)

• 2020-05-12-link-based-Dridex-malspam-example-01.eml   (14,018 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-02.eml   (17,011 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-03.eml   (22,002 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-04.eml   (21,995 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-05.eml   (17,000 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-06.eml   (3,577 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-07.eml   (9,099 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-08.eml   (2,324 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-09.eml   (21,925 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-10.eml   (3,744 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-11.eml   (1,859 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-12.eml   (16,989 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-13.eml   (18,311 bytes)
• 2020-05-12-link-based-Dridex-malspam-example-14.eml   (2,786 bytes)

• 2020-05-12-Dridex-infection-traffic-from-link-in-malspam.pcap.zip   3.5 MB (3,456,256 bytes)

• 2020-05-12-Dridex-infection-traffic-from-link-in-malspam.pcap   (3,829,964 bytes)

• 2020-05-12-malware-from-Dridex-infection.zip   3.5 MB (3,556,000 bytes)

• Report_224726231283.zip   (571,519 bytes)
• Report~224726231283.vbs   (1,260,284 bytes)
• qEWTLCuYyH.dll   (714,240 bytes)
• Persistence-through-registry/2020-05-12-Windows-registry-update-for-Dridex.txt   (668 bytes)
• Persistence-through-registry/DyGykefYBHT/bdeunlock.exe   (700,416 bytes)
• Persistence-through-registry/DyGykefYBHT/DUser.dll   (283,264 bytes)
• Persistence-through-scheduled-task/2020-05-12-scheduled-task-for-Dridex.txt   (3,610 bytes)
• Persistence-through-scheduled-task/Y3skYJ7F3B/bdeunlock.exe   (283,264 bytes)
• Persistence-through-scheduled-task/Y3skYJ7F3B/DUI70.dll   (978,944 bytes)
• Persistence-through-startup-menu-shortcut/2020-05-12-startup-menu-shortcut-for-Dridex.bin   (1,453 bytes)
• Persistence-through-startup-menu-shortcut/Niby8ztx/iexpress.exe   (166,400 bytes)
• Persistence-through-startup-menu-shortcut/Niby8ztx/VERSION.dll   (696,320 bytes)

 

Click here to return to the main page.