Dridex Malware Note

Dridex Malware

The report, a collaboration between the Treasury and FinCEN, focuses on the Dridex malware and its variants, targeting the financial sector. It provides an overview, relevant activity details, and previously unreported indicators of compromise (IOCs) derived from financial institutions. Dridex uses phishing emails with urgent-sounding language and attachments to infect systems. These attachments often contain malicious macros that download Dridex, which can steal login information. The malware has capabilities to steal sensitive information and facilitate fraudulent transactions. Dridex is related to other malware families, like Cridex, Bugat, BitPaymer, and Locky, sharing some code and distribution methods. The report highlights the use of massive spam campaigns in Dridex’s distribution. Lastly, organizations are urged to report suspicious activity and incorporate the provided IOCs into their security systems. The report also lists several email addresses and IP addresses associated with Dridex activity. Proper mitigation strategies are encouraged for improved security.