Summary: 2025/04/30 20:57
First reported date: 2015/01/09
Inquiry period: 2025/03/31 20:57 ~ 2025/04/30 20:57 (1 month), 1 search result
The trend is -200% lower than the previous period.
Malware types Black Basta, FriedEx, Hades, and BlackCat are also newly identified.
Organizations and companies Google, Trend Micro, and CrowdStrike are also newly identified.
Other new keywords Advertising, Browser, Java, malpedia, and Mand are also identified.
OxCERT blog describes Dridex as "an evasive, information-stealing malware variant; its goal is to acquire as many credentials as possible and return them via an encrypted tunnel to a Command-and-Control (C&C) server. These C&C servers are numerous and scattered all over the Internet, if the malware cannot reach one server it will try another. For this reason, network-based measures such as blocking the C&C IPs is effective only in the short-term."
According to MalwareBytes, "Dridex uses an older tactic of infection by attaching a Word document that utilizes macros to install malware. However, once new versions of Microsoft Office came out and users generally updated, such a threat subsided because it was no longer simple to infect a user with this method."
IBM X-Force discovered "a new version of the Dridex banking Trojan that takes advantage of a code injection technique called AtomBombing to infect systems. AtomBombing is a technique for injecting malicious code into the 'atom tables' that almost all versions of Windows use to store certain application data. It is a variation of typical code injection attacks that take advantage of input validation errors to insert and to execute malicious code in a legitimate process or application. Dridex v4 is the first malware that uses the AtomBombing process to try and infect systems."
* Recent news articles Top 3:
ㆍ 2025/04/03 Tracking Adversaries: EvilCorp, the RansomHub affiliate
For reference, 101 malware types in the same group are identified, including FormBook, QakBot, and RedLine.
Trend graph by period
Related keyword cloud
No (Top 100) | Keyword | Count | Comparison |
---|---|---|---|
1 | Dridex | 1 | ▼ -2 (-200%) |
2 | Black Basta | 1 | ▲ new |
3 | Google | 1 | ▲ new |
4 | Advertising | 1 | ▲ new |
5 | Browser | 1 | ▲ new |
6 | Java | 1 | ▲ new |
7 | Update | 1 | - 0 (0%) |
8 | FriedEx | 1 | ▲ new |
9 | Hades | 1 | ▲ new |
10 | Criminal | 1 | - 0 (0%) |
11 | Trend Micro | 1 | ▲ new |
12 | BlackCat | 1 | ▲ new |
13 | CrowdStrike | 1 | ▲ new |
14 | Ransomware | 1 | - 0 (0%) |
15 | Microsoft | 1 | ▼ -2 (-200%) |
16 | Evil Corp | 1 | ▼ -1 (-100%) |
17 | Distribution | 1 | - 0 (0%) |
18 | Victim | 1 | ▼ -1 (-100%) |
19 | United States | 1 | - 0 (0%) |
20 | Campaign | 1 | ▼ -1 (-100%) |
21 | Russia | 1 | ▼ -1 (-100%) |
22 | Report | 1 | - 0 (0%) |
23 | Kaspersky | 1 | ▼ -1 (-100%) |
24 | Malware | 1 | ▼ -2 (-200%) |
25 | LockBit | 1 | - 0 (0%) |
26 | Clop | 1 | ▼ -1 (-100%) |
27 | malpedia | 1 | ▲ new |
28 | Mand | 1 | ▲ new |
Special keyword group
Top 5
Malware Type
This is the type of malware that is becoming an issue.
Keyword | Average | Label |
---|---|---|
Dridex | | 1 (11.1%) |
Black Basta | | 1 (11.1%) |
FriedEx | | 1 (11.1%) |
Hades | | 1 (11.1%) |
BlackCat | | 1 (11.1%) |

Attacker & Actors
The status of the attacker or attack group being issued.
Keyword | Average | Label |
---|---|---|

Technique
This is an attack technique that is becoming an issue.
Keyword | Average | Label |
---|---|---|
Campaign | | 1 (100%) |

Country & Company
This is a country or company that is an issue.
Keyword | Average | Label |
---|---|---|
Google | | 1 (14.3%) |
Trend Micro | | 1 (14.3%) |
CrowdStrike | | 1 (14.3%) |
Microsoft | | 1 (14.3%) |
United States | | 1 (14.3%) |
Malware Family
Top 5
A malware family is a group of applications that share similar attack techniques.
In this trend report, families are classified as Ransomware, Stealer, RAT or Backdoor, Loader, Botnet, or Cryptocurrency Miner.
Threat info
Last 5 SNS
(Total: 0) No data.
News
(Total: 1) Keywords: Dridex, Black Basta, Google, Advertising, Browser, Java, Update, FriedEx, Hades, Criminal, Trend Micro, BlackCat, CrowdStrike, Ransomware, Microsoft, Evil Corp, Distribution, Attacker, Victim, United States, Campaign, Russia, Report, Kaspersky, Malware, LockBit, Clop, malpedia
No | Title | Date |
---|---|---|
1 | Tracking Adversaries: EvilCorp, the RansomHub affiliate - Malware.News | 2025.04.03 |
Additional information
No | Title | Date |
---|---|---|
1 | Release Notes: SDK Integration, Notifications, 1000+ Detection Rules, and APT Reports - Malware.News | 2025.04.30 |
2 | DoorDash’s Bid for Deliveroo Marks End of Europe’s Food Delivery Boom - Bloomberg Technology | 2025.04.30 |
3 | Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government - Malware.News | 2025.04.30 |
4 | Anthropic Report Reveals Growing Risks from Misuse of Generative AI Misuse - Malware.News | 2025.04.30 |
5 | Meta Earnings Have High Bar to Clear After Shares Outperform - Bloomberg Technology | 2025.04.30 |
No | Request | Hash(md5) | Report No | Date |
---|---|---|---|---|
1 | Dridex Generic Malware Malicious Library UPX PE File PE32 | a5e1bd071692b98eb33ce95509259e18 | 22746 | 2022.01.24 |
2 | Dridex Generic Malware Malicious Library UPX PE File PE32 | bdf3b101d4c3bb29b543b42d854f1e9c | 22416 | 2022.01.18 |
3 | Dridex Generic Malware Malicious Library PE32 DLL PE File | ebdfd39f4b9ab189cd32b271db4bb3ac | 14014 | 2021.07.27 |
4 | Dridex Generic Malware Malicious Library PE32 DLL PE File | 63922c2487337188b76e721d86ba1a4f | 14015 | 2021.07.27 |
5 | Dridex VBA_macro Generic Malware Malicious Library PE32 DLL PE File | 86c63e5a375f54c79cfa007828400a5d | 14020 | 2021.07.27 |
Level | Description |
---|---|
danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |