Malicious Office Files Dropping Kasidet And Dridex | Zscaler
Tags
attack-pattern: Data Hardware - T1592.001 Hooking - T1617 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Hooking - T1179 Screen Capture - T1113 Hooking Screen Capture
Show in Graph
Common Information
Type Value
UUID 11400e21-d590-4708-aaa0-f50954ccc31a
Fingerprint ac0fb90329310695
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 29, 2016, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Malicious Office Files Dropping Kasidet And Dridex
Title Malicious Office Files Dropping Kasidet And Dridex | Zscaler
Detected Hints/Tags/Attributes 52/1/12
Source URLs
Redirection Url
Details Source https://www.zscaler.com/blogs/research/malicious-office-files-dropping-kasidet-and-dridex
URL Provider
Details Provider Source level domain
Details zscaler.com www.zscaler.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
armandosofsalem.com
Details Domain 1 
trinity.ad-ventures.es
Details File 748 
kernel32.dll
Details File 119 
smss.exe
Details File 165 
csrss.exe
Details File 212 
winlogon.exe
Details File 478 
lsass.exe
Details File 131 
spoolsv.exe
Details File 13 
devenv.exe
Details File 1 
setting.bin
Details File 2126 
cmd.exe
Details IPv4 1 
188.226.152.172