ExecuteMalware

2020-11-09 Dridex IOCs

Nov 9th, 2020
THREAT ATTRIBUTION: DRIDEX

SUBJECTS OBSERVED
Invoice Processing
INVOICE_247508
Past Due Invoices
Please Find Invoice (Invoice 499451) Attached
Please Find Invoice (Invoice 760319) Attached
Your invoice # 227401 is attached.
Your invoice # 367680 is attached.

SENDERS OBSERVED
quickbooks@notification.intuit.com
system@sent-via.netsuite.com

DOCUMENT FILE NAMES
Inv_227401_226760.xls
Inv_367680_250688.xls
Invoice_247508_544343.xls
Invoice_469300_020304.xls
Invoice_795959_288604.xls
Sales_Invoice_499451_757983.xls
Sales_Invoice_760319_907617.xls
Sales_Invoice_843501_611641.xls

DOCUMENT FILE HASHES
d80bd52838a72d155143fef947b86917

DRIDEX PAYLOAD URLS
http://eosouthasia.showtimemobileapp.com/ace8vfl.gif
http://nobet.onvizyon.com/pxznnlv.txt

https://personasnegativas.combustiblecorrecto.com/x8mxj7.txt
http://aarvytechnologies.in/bvht1x.pdf

DRIDEX PAYLOAD FILE HASH
ace8vfl.gif
2e94ba2da1286e2b93005d46ee5fb6d7

bvht1x.pdf
9a821fc91c5053a2b52dbb0c16f89dc0

x8mxj7.txt
2e94ba2da1286e2b93005d46ee5fb6d7

DRIDEX C2s
157.245.130.146:3786
209.59.199.129:4443
37.187.161.206:33443
94.126.8.2:443

SUPPORTING EVIDENCE
https://urlhaus.abuse.ch/url/800034/
https://urlhaus.abuse.ch/url/800179/