
Rewterz Threat Alert – Active Dridex Banking Trojan Spam Campaign Targeting Users Amid Black Friday Sales

November 26, 2021

Severity

Medium

Analysis Summary

Happy Black Friday! The Dridex banking Trojan is alive and well and is targeting users with a spam campaign that uses a variety of email subjects. This particular campaign has recently been seen in the North American region and may shift its focus to other regions as the holiday season approaches. Dridex is a sophisticated strain of banking malware that targets the Windows platform; it is delivered through spam campaigns that infect computers and steal banking credentials and other personal information to facilitate fraudulent money transfers. Over its history and development, Dridex has used several exploits and methods for execution, including modification of directory files, abuse of system recovery to escalate privileges, and modification of firewall rules to facilitate peer-to-peer communication for data exfiltration. The malware's main purpose is to steal banking credentials, and it has been attributed to the TA505 threat group (aka Evil Corp), known to have been active since at least Q3 2014.

Impact

  • Credential Theft
  • Information Theft
  • Financial Loss

Indicators of Compromise

Filename

  • Black Friday Netflix coupon is 52803571
  • Black Friday Amazon coupon #54767497
  • Black Friday Netflix coupon is 5157687
  • Black Friday? White Supr! Your freedom vote has a number 89388
  • Black Friday hunting license #5983005
  • Black Friday Amazon coupon #24722550
  • Black Friday Amazon coupon #352866
  • Black Friday hunting license #9590869
  • Black Friday hunting license #373708764
  • Black Friday Netflix coupon is 744247333
  • Black Friday? White Supr! Your freedom vote has a number 96394
  • Black Friday Amazon coupon #72435083
  • Black Friday Amazon coupon #3322985
  • Black Friday Netflix coupon is 6012313
  • Black Friday hunting license #83760140
  • Black Friday hunting license #89087815
  • Black Friday? White Supr*! Your freedom vote has a number 33930
  • Black Friday? White Supr! Your freedom vote has a number 155921
  • Black Friday Netflix coupon is 689585
  • Black Friday Netflix coupon is 28841354
  • Black Friday hunting license #0664497
  • Black Friday Netflix coupon is 53883
  • Black Friday? White Supr! Your freedom vote has a number 931167915
  • Black Friday? White Supr! Your freedom vote has a number 3477943
  • Black Friday hunting license #300802497
  • Black Friday Amazon coupon #7791492

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on links/attachments sent by unknown senders.
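The "search for IOCs in your environment" step is easiest to act on at the mail gateway, where the subject lines above are the indicator. The following Python script is an added example, not part of the Rewterz advisory: it checks mail-gateway log records against the published subjects and, as an assumption generalised from the list (the lure text is constant and only the trailing number changes between messages), against regular expressions that also catch subjects with numbers not on the list. The log lines and the pipe-separated log format are constructed for the example.

```python
import re
from typing import Dict, List

# Subject lines copied verbatim from the advisory's IOC list (a subset).
ADVISORY_SUBJECTS = [
    "Black Friday Netflix coupon is 52803571",
    "Black Friday Amazon coupon #54767497",
    "Black Friday hunting license #83760140",
    "Black Friday? White Supr! Your freedom vote has a number 89388",
]

# Generalised patterns. ASSUMPTION: the lure text is fixed and only the
# trailing number varies, so these match unlisted variants of the same lures.
SUBJECT_PATTERNS = [
    re.compile(r"^Black Friday (Netflix|Amazon) coupon (is |#)\d+$", re.I),
    re.compile(r"^Black Friday hunting license #\d+$", re.I),
    re.compile(r"^Black Friday\? White Supr\*?! Your freedom vote has a number \d+$", re.I),
]


def subject_matches(subject: str) -> bool:
    """True if the subject is an exact IOC or matches a generalised lure pattern."""
    s = subject.strip()
    if s in ADVISORY_SUBJECTS:
        return True
    return any(p.match(s) for p in SUBJECT_PATTERNS)


# Constructed sample mail-gateway log (not from the advisory); fields separated by '|'.
SAMPLE_LOG = """\
2021-11-26T08:12:03Z|sender=promo@example-deals.test|rcpt=alice@corp.test|subject=Black Friday Amazon coupon #91827364|attach=1
2021-11-26T08:12:09Z|sender=it@corp.test|rcpt=bob@corp.test|subject=Reminder: password rotation due|attach=0
2021-11-26T08:13:44Z|sender=noreply@example-deals.test|rcpt=carol@corp.test|subject=Black Friday hunting license #83760140|attach=1
2021-11-26T08:15:01Z|sender=news@vendor.test|rcpt=dave@corp.test|subject=Black Friday sale starts now|attach=0
2021-11-26T08:16:30Z|sender=vote@example-deals.test|rcpt=erin@corp.test|subject=Black Friday? White Supr! Your freedom vote has a number 31337|attach=1
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one 'ts|k=v|k=v' record into a dict (constructed log format)."""
    ts, *fields = line.split("|")
    rec = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def find_hits(log_text: str) -> List[Dict[str, str]]:
    """Return every record whose subject matches the advisory's lures."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if subject_matches(rec.get("subject", "")):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print(f"{h['ts']} {h['rcpt']} <- {h['sender']}: {h['subject']!r} (attach={h['attach']})")
```

Exact-string matching alone would miss the first and last sample records, whose coupon and vote numbers are not in the published list; the generalised patterns are what make the hunt useful across the whole campaign rather than only the samples that happened to be captured. The same patterns can be loaded into a gateway or SIEM rule to block or alert on the lure at delivery time.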
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.