April 22, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
September 9, 2021Rewterz Threat Advisory – Multiple Palo Alto Security Vulnerabilities
September 10, 2021Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
September 9, 2021Rewterz Threat Advisory – Multiple Palo Alto Security Vulnerabilities
September 10, 2021
Severity
High
Analysis Summary
Dridex is a sophisticated strain of banking malware that targets the Windows platform, delivering spam campaigns to infect computers and steal banking credentials and other personal information to facilitate fraudulent money transfers. Through its history and development, Dridex has used several exploits and methods for execution, including modification of directory files, using system recovery to escalate privileges, and modification of firewall rules to facilitate peer-to-peer communication for extraction of data. The malware’s main use is to steal banking credentials and it has been attributed to the TA505 threat group (aka Evil Corp) known to have been active since at least Q3 2014.
Impact
- Credential Theft
- Financial Loss
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 7ddc68d92fe65b2509f16c6a27876347
- afd2709695bb2cfe3fc43318e5b11f84
SHA-256
- c71747146567e8b50ff87f67f7e7c2209fffee3d078af55c4738907f63ead5b8
- 464f025383d27efe7d46e6745491a86de9a3c0cdd8e133df8f282b6f26091af7
SHA-1
- 2143de6c6975be38086ec71aad80a38b60e3b131
- 2d7b655be924da147e9dd9471832c82c2ecd2c84
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.
