ExecuteMalware

2021-03-10 Dridex IOCs

Mar 10th, 2021 (edited)
THREAT IDENTIFICATION: DRIDEX

SUBJECTS OBSERVED
New Invoice(s) for C379071418 are Available to be Viewed

SENDERS OBSERVED
customer_service@freightquote.com

DOCUMENT FILE HASHES
1 Total New Invoices_Wendesday March 10_2021.xlsm
03fd6b515355bb513131951edf43ad5e

DRIDEX PAYLOAD URLS
https://maxassur.com/g7kqmf1.rar

DRIDEX PAYLOAD FILE HASH
g7kqmf1.rar
58d1d1119844c16122189ede908b825c

which is renamed to:
pminajlr.dll
58d1d1119844c16122189ede908b825c

DRIDEX C2s
https://178.33.183.53:7443
https://210.65.244.166:443

SUPPORTING EVIDENCE
https://urlhaus.abuse.ch/url/1059144/
https://urlhaus.abuse.ch/browse.php?search=58d1d1119844c16122189ede908b825c