LE CODE MALVEILLANT DRIDEX : ORIGINES ET USAGES (The Dridex malware: origins and uses)
Common Information
Type Value
UUID 3489b9b1-0d2a-404b-a465-e9f663b7ad13
Fingerprint 59c36c493c9a7b5486a46ce9e3f64057f7cc7bd6d24cc8537bc81e42a97cc02b
Analysis status DONE
Considered CTI value 2
Text language
Published May 19, 2020, 9:44 a.m.
Added to db April 14, 2024, 2:23 a.m.
Last updated Aug. 31, 2024, 5:27 a.m.
Headline LE CODE MALVEILLANT DRIDEX : ORIGINES ET USAGES
Title LE CODE MALVEILLANT DRIDEX : ORIGINES ET USAGES
Detected Hints/Tags/Attributes 173/4/210
Attributes
Type      #Events   Value
CVE       269       cve-2017-0199
Domain    2         www.doppleshare.top
Domain    1         belpay.by
Domain    1         imaba.nl
Domain    1         itifsl.co.in
Domain    1         elevenca.com
Domain    1         blackburnpowerltd.co.uk
Domain    1         pdrassocs.com
Domain    1         sevpazarlama.com
Domain    1         abc-telecom.az
Domain    1         bestvaluestore.org
Domain    1         buero.at
Domain    1         correo.dalvear.com.ar
Domain    1         melvale.co.uk
Domain    1         sidestecaminhoes.com.br
Domain    1         teletu.it
Domain    1         golfprogroup.com
Domain    1         antonioscognamiglio.it
Domain    1         owenti.com
Domain    1         tamboe.net
Domain    1         saitepy.com
Domain    1         klerber.com
Domain    1         fdistus.com
Domain    1         uprevoy.com
Domain    1         typrer.com
Domain    1         urefere.org
Domain    1         inesmoreira.pt
Domain    1         masteronare.com
Domain    1         bienvenidosnewyork.com
Domain    3         co.in
Domain    1         everestedu.org
Domain    1         thinkunicorn.com
Domain    1         unfocusedprints.co.kr
Domain    246       mail.ru
Domain    4         assiste.com
Domain    88        securityintelligence.com
Domain    8         devcentral.f5.com
Domain    8         www.bromium.com
Domain    19        www.acunetix.com
Domain    403       securelist.com
Domain    370       www.proofpoint.com
Domain    14        www.bitsight.com
Domain    184       www.fireeye.com
Domain    604       www.trendmicro.com
Domain    17        www.botconf.eu
Domain    1373      twitter.com
Domain    2         www.zdnet.fr
Domain    2         xaker.ru
Domain    11        xakep.ru
Domain    3         www.institut-pandore.com
Domain    5         zeusmuseum.com
Domain    2         safe.cnews.ru
Domain    49        home.treasury.gov
Domain    6         www.nationalcrimeagency.gov.uk
Domain    3         www.blueliv.com
Domain    81        blog.malwarebytes.com
Domain    54        welivesecurity.com
Domain    177       blog.trendmicro.com
Domain    368       microsoft.com
Domain    172       www.crowdstrike.com
Domain    251       www.bleepingcomputer.com
Domain    202       proofpoint.com
Domain    13        secureworks.com
Domain    96        malpedia.caad.fkie.fraunhofer.de
Domain    175       www.zdnet.com
Domain    20        www.computerworld.com
Domain    19        blog.malwaremustdie.org
Domain    3         threats.kaspersky.com
Domain    35        fireeye.com
Domain    42        socprime.com
Domain    1         enterprise.comodo.com
Domain    145       www.us-cert.gov
Domain    1         www.lemondeinformatique.fr
Domain    2         archive.vn
Domain    65        www.cert.ssi.gouv.fr
Domain    14        ssi.gouv.fr
Email     1         admin@belpay.by
Email     1         faber@imaba.nl
Email     1         s.palani@itifsl.co.in
Email     1         yportocarrero@elevenca.com
Email     1         tom@blackburnpowerltd.co.uk
Email     1         pranab@pdrassocs.com
Email     1         admin@sevpazarlama.com
Email     1         farid@abc-telecom.az
Email     1         bounce@bestvaluestore.org
Email     1         fabianurquiza@correo.dalvear.com.ar
Email     1         info@melvale.co.uk
Email     1         faturamento@sidestecaminhoes.com.br
Email     1         cariola72@teletu.it
Email     1         info@golfprogroup.com
Email     1         info@antonioscognamiglio.it
Email     1         dridex@mail.ru
Email     10        cert-fr.cossi@ssi.gouv.fr
File      1         fprl.exe
File      1         frap.exe
File      1         fprl.bin
File      1         glps.exe
File      1         opxe.exe
File      1         qrpt.exe
File      1         123.bin
File      9         function.php
File      12        app.php
File      5         lndex.php
File      1         0ev7bg.bin
File      3         botnet_dridex.html
File      1         evolution_of_dridex.html
File      1         10-ans-de-malwares-les-pires-botnets-des-annees-2010-39895641.htm
File      2         head-fake-tackling-disruptive-ransomware-attacks.html
File      1         amp.html
File      1         v2000.html
File      1         access-tool.html
File      1         malware-zeus-53727.html
File      141       www.cer
md5       2         7239da273d3a3bfd8d169119670bb745
md5       2         72fe19810a9089cd1ec3ac5ddda22d3f
md5       1         07b0ce2dd0370392eedb0fc161c99dc7
md5       1         c8bb08283e55aed151417a9ad1bc7ad9
md5       2         6e05e84c7a993880409d7a0324c10e74
md5       2         63d4834f453ffd63336f0851a9d4c632
md5       2         0ef5c94779cd7861b5e872cd5e922311
md5       1         9aa3089af134627ef48b178db606268a
md5       1         e614a69d706913376ab2bb20a703dcf5
sha256    2         1d778359ab155cb190b9f2a7086c3bcb4082aa195ff8f754dae2d665fd20aa05
sha256    1         abf99a028dae6812f6f0ca633d7424ce9272dfcfbebf6b518c1e6c97f872f3e7
sha256    1         6712500bb0de148a99ec940160d3d61850e2ce3803adca8f39e9fa8621b8ea6f
sha256    1         86bcfce2dd342e9a1c04cfc65731d40ed1c397a4ec47bd9f5b41771297d81100
sha256    1         005e77a55b8f1bf4049d6231c2349a01d019b46f47b6930103458a2aadd1bfa6
sha256    1         a1388cb3e6ae68a6130ae12f9db4881238c97718875a3362b6bc5788e61c6663
sha256    1         ca087f46f97cd465f46e4ccb04181e6eae7b2c751ae7fd9e262191b979728ccc
sha256    1         4ad0998882a3fbd3412f0c740faebb8ef78bec4c3e566650424c40a878e6a23a
IPv4      2         2.13.24.1
IPv4      1         62.149.158.252
IPv4      1         177.34.32.109
IPv4      1         2.138.111.86
IPv4      1         122.172.96.18
IPv4      1         69.93.243.5
IPv4      1         200.43.183.102
IPv4      1         79.124.76.30
IPv4      1         188.125.166.114
IPv4      1         37.59.52.64
IPv4      1         50.28.35.36
IPv4      1         154.70.39.158
IPv4      1         108.29.37.11
IPv4      1         65.112.218.2
IPv4      1         47.254.236.15
IPv4      1         194.99.22.193
IPv4      1         178.63.67.20
IPv4      1         5.127.14.171
IPv4      1         34.213.221.29
IPv4      1         209.40.205.12
IPv4      2         79.143.178.194
IPv4      1         188.165.247.187
IPv4      1         185.234.52.170
IPv4      1         199.101.86.6
IPv4      1         176.10.250.88
IPv4      31        2.0.0.0
Url       1         http://owenti.com/fprl.exe
Url       1         http://tamboe.net/frap.exe
Url       1         http://owenti.com/fprl.bin
Url       1         http://saitepy.com/glps.exe
Url       1         http://klerber.com/glps.exe
Url       1         http://fdistus.com/glps.exe
Url       1         http://uprevoy.com/opxe.exe
Url       1         http://typrer.com/qrpt.exe
Url       1         http://urefere.org/opxe.exe
Url       1         http://inesmoreira.pt/img/galeria/beloura/123.bin
Url       1         https://masteronare.com/function.php?3b3988df
Url       1         http://bienvenidosnewyork.com/app.php
Url       1         http://photoflip.co.in/lndex.php
Url       1         http://everestedu.org/lndex.php
Url       1         https://thinkunicorn.com/wp-admin/css/colors/fish/hraxjhwvjbytvdlwdaau/0ev7bg.bin
Url       1         https://unfocusedprints.co.kr/hraxjhwvjbytvdlwdaau/0ev7bg.bin
Url       3         https://assiste.com/botnet_dridex.html
Url       2         https://securityintelligence.com/new-variant-of-bugat-malware-borrows-lucrative-
Url       1         https://devcentral.f5.com/s
Url       1         https://securelist.com/dridex-a-history-
Url       2         https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-
Url       1         https://www.bitsight.com/blog/dridex-botnets.
Url       1         https://www.fireeye.com/blog/threat-research/2015
Url       6         https://www.trendmicro.com/vinfo
Url       1         https://www.botconf.eu/2016/dridex-gone-
Url       1         https://twitter.com/kafeine/status/1202684242905448448.
Url       1         https://www.zdnet.fr
Url       1         https://www.secureworks
Url       1         https://xakep.ru/2020/01/31/evil-corp-vs-brian-krebs/.
Url       1         https://zeusmuseum.com/.
Url       1         https://safe.cnews.ru/news/top
Url       1         https://home.treasury.gov/news/press-releases/sm845.
Url       1         https://www.nationalcrimeagency.gov.uk/news/international-law-
Url       1         https://www.blueliv.com/cyber-
Url       6         https://blog.malwarebytes.com/threat-
Url       2         https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-
Url       4         https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/.
Url       5         https://www.fireeye
Url       1         https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-
Url       4         https://www.proofpoint
Url       1         https://malpedia.caad.fkie.fraunhofer.de/actor
Url       1         https://www.zdnet.com/article/meet-the-white-hat-group-fighting-emotet-the-worlds-most-
Url       3         https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-
Url       1         https://blog.malwaremustdie.org/2015/07/mmd-0036-2015-kins-or-zeusvm-
Url       1         https://threats.kaspersky.com/fr/threat
Url       17        https://socprime.com
Url       1         https://enterprise.comodo.com/blog/what-is-
Url       7         https://www.us-cert.gov
Url       1         http://archive.vn/sohyv.
Url       1         http://archive.vn/zw5md.
Url       1         https://twitter.com/dridexbot/status/676353569180774400.
Url       1         https://twitter.com/dridexbot/status/677561943171952641.
Url       1         https://twitter.com/dridexbot/status/676355038441299968.
Url       1         https://twitter.com/dridexbot/status/677205919630024704.
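The attribute table above was extracted automatically from the CERT-FR report, so it mixes indicators of attacker infrastructure (the .exe/.bin download URLs and their hosts, the C2 IPs) with the report's own bibliography (securelist.com, twitter.com, proofpoint.com, home.treasury.gov) and extraction fragments (the bare suffix co.in, the truncated file name www.cer, the IPv4 value 2.0.0.0 seen 31 times). Feeding the list into a blocklist as-is would block vendor blogs and match every host under .co.in. The following added example, which is my code and not part of the report or of the CTI database that produced this page, parses an excerpt of the table in its exact flattened layout, applies a triage rule (mine, not the database's: a Domain is "payload" only if it hosts a listed URL ending in .exe/.bin/.php, "public-suffix" if it is a bare registry suffix, otherwise "reference"), and then matches constructed proxy records and hashes against the resulting sets. PUBLIC_SUFFIXES is a tiny stand-in for the Public Suffix List and the proxy log lines are constructed for the demo.

```python
"""Parse the flattened 'Attributes' table above into IOC sets and match them
against proxy records. Added example; not code from the CERT-FR report or
from the CTI database that produced this page."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpt of the page's table in its exact flattened layout: a
# "Details <Type> <#Events>" line followed by the value line.
RAW_ATTRIBUTES = """\
Details CVE 269
cve-2017-0199
Details Domain 1
owenti.com
Details Domain 3
co.in
Details Domain 403
securelist.com
Details Domain 1373
twitter.com
Details md5 2
7239da273d3a3bfd8d169119670bb745
Details sha256 2
1d778359ab155cb190b9f2a7086c3bcb4082aa195ff8f754dae2d665fd20aa05
Details IPv4 1
62.149.158.252
Details Url 1
http://owenti.com/fprl.exe
Details Url 1
https://securelist.com/dridex-a-history-
Details Url 1
https://twitter.com/kafeine/status/1202684242905448448.
"""
ROW_RE = re.compile(r"^Details\s+(\S+)\s+(\d+)$")
PAYLOAD_PATH_RE = re.compile(r"\.(exe|bin|php)$", re.I)
# Assumption: tiny stand-in for the Public Suffix List. The page lists "co.in"
# as a Domain; matched label-wise it would flag every .co.in host.
PUBLIC_SUFFIXES = {"co.in", "co.uk", "co.kr", "com.br", "com.ar"}
# Constructed proxy records for the demo: "<ts> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "2020-05-19T09:44:01Z 10.0.0.12 GET http://owenti.com/fprl.exe 200",
    "2020-05-19T09:44:05Z 10.0.0.12 GET http://cdn.owenti.com/other.bin 200",
    "2020-05-19T09:45:10Z 10.0.0.31 GET https://securelist.com/some-article/ 200",
    "2020-05-19T09:46:00Z 10.0.0.44 GET http://62.149.158.252/ 200",
    "2020-05-19T09:47:00Z 10.0.0.50 GET https://example.co.in/ 200",
]

def parse_attributes(raw):
    """{type: {value: event_count}}. Trailing periods left on some URLs by text
    extraction are dropped; non-URL values are lower-cased (URL paths are case-sensitive)."""
    out = defaultdict(dict)
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    i = 0
    while i + 1 < len(lines):
        m = ROW_RE.match(lines[i])
        if m is None:           # stray line: skip it and look for the next row header
            i += 1
            continue
        typ, value = m.group(1), lines[i + 1].rstrip(".")
        out[typ][value if typ == "Url" else value.lower()] = int(m.group(2))
        i += 2
    return dict(out)

def triage_domains(iocs):
    """Heuristic verdict per Domain (my rule): 'payload' if it hosts a listed URL
    ending in .exe/.bin/.php, 'public-suffix' for bare registry suffixes, else
    'reference' (sources the report cites). Only 'payload' is safe to block as-is."""
    payload_hosts = set()
    for url in iocs.get("Url", {}):
        p = urlsplit(url)
        if p.hostname and PAYLOAD_PATH_RE.search(p.path):
            payload_hosts.add(p.hostname.lower())
    return {d: "public-suffix" if d in PUBLIC_SUFFIXES
            else "payload" if d in payload_hosts else "reference"
            for d in iocs.get("Domain", {})}

def domain_matches(host, domains):
    """Exact host or any parent domain present in the IOC set, ignoring bare suffixes."""
    labels = host.lower().rstrip(".").split(".")
    wanted = set(domains) - PUBLIC_SUFFIXES
    return [s for s in (".".join(labels[i:]) for i in range(len(labels))) if s in wanted]

def match_log_line(line, iocs, verdicts):
    """(type, indicator, verdict) hits for one proxy record."""
    url = line.split()[3]
    host = (urlsplit(url).hostname or "").lower()
    hits = []
    if url in iocs.get("Url", {}):
        hits.append(("Url", url, "exact"))
    if host in iocs.get("IPv4", {}):
        hits.append(("IPv4", host, "exact"))
    hits += [("Domain", d, verdicts[d]) for d in domain_matches(host, iocs.get("Domain", {}))]
    return hits

def match_hash(digest, iocs):
    """'md5' or 'sha256' if the digest is listed, else None."""
    d = digest.strip().lower()
    return next((t for t in ("md5", "sha256") if d in iocs.get(t, {})), None)

def scan(log_lines, iocs):
    """Records with at least one hit, mapped to their hits."""
    verdicts = triage_domains(iocs)
    hits = {ln: match_log_line(ln, iocs, verdicts) for ln in log_lines}
    return {ln: h for ln, h in hits.items() if h}

if __name__ == "__main__":
    iocs = parse_attributes(RAW_ATTRIBUTES)
    for line, hits in scan(SAMPLE_PROXY_LOG, iocs).items():
        print(line.split()[3], "->", hits)
```

Run against the constructed log, the download of fprl.exe matches both the exact URL and the "payload" host owenti.com, a request to cdn.owenti.com still matches through the parent domain, the securelist.com request is reported with the "reference" verdict so an analyst can discard it, the C2 IP matches exactly, and example.co.in produces no hit because co.in is treated as a suffix rather than an indicator. In production, replace PUBLIC_SUFFIXES with the real Public Suffix List and review the "reference" and fragment entries (www.cer, 2.0.0.0) by hand before anything reaches a blocking control.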