DRIDEX IOCs

1. DRIDEX IOCs:
2.  
3. FTP URLs:
4. ftp://{redacted}:{redacted}@www.emtech-canada[.]com/docs
5. ftp://{redacted}:{redacted}@basedow-bilder[.]de/httpdocs/docs
6. ftp://{redacted}:{redacted}@charter-base[.]de/httpdocs/docs
7. ftp://{redacted}:{redacted}@peopleiknow[.]org/httpdocs/docs
8. ftp://{redacted}:{redacted}@schwellenwertdaten[.]de/httpdocs/docs/
9. ftp://{redacted}:{redacted}@motifahsap[.]com/httpdocs/docs
10. ftp://{redacted}:{redacted}@basedow-bilder[.]de/httpdocs/docs/scan_17.01.doc
11. ftp://{redacted}:{redacted}@www.emtech-canada[.]com/docs/scan_17.01.doc
12. ftp://{redacted}:{redacted}@motifahsap[.]com/httpdocs/docs/scan_17.01.doc
13. ftp://{redacted}:{redacted}@charter-base[.]de/httpdocs/docs/scan_17.01.xls
14. ftp://{redacted}:{redacted}@basedow-bilder[.]de/httpdocs/docs/scan_17.01.xls
15. ftp://{redacted}:{redacted}@www.emtech-canada[.]com/docs/scan_17.01.xls
16. ftp://{redacted}:{redacted}@charter-base[.]de/httpdocs/docs/scan_17.01.doc
17. ftp://{redacted}:{redacted}@motifahsap[.]com/httpdocs/docs/scan_17.01.xls
18. ftp://{redacted}:{redacted}@schwellenwertdaten[.]de/httpdocs/docs/scan_17.01.doc
19. ftp://{redacted}:{redacted}@schwellenwertdaten[.]de/httpdocs/docs/scan_17.01.xls
20. ftp://{redacted}:{redacted}@peopleiknow[.]org/httpdocs/docs/scan_17.01.xls
21. ftp://{redacted}:{redacted}@peopleiknow[.]org/httpdocs/docs/scan_17.01.doc
22. XLS Macro (SHA1):
23. 5697b0e3123b7d9511568d153e5545eb0ec5c906
24. a1843ecc6f0c3f3fe0a3ef13d81d69abfaf6d4c9
25. 7b7cdd64f0e66776303b4c09eefbac23471a58f1
26. DOC DDE Abuse (SHA1):
27. e6347d6245308e104a1f4225cdd2c814cff1a63a
28. Dridex Download Locations:
29. theairlab[.]co.za/KJHdey3
30. 185.176.221[.]146
31. Dridex (SHA1):
32. 23b84ed99d9761ce4ffdf928e472ee03afb3615f
33. Dridex C2s:
34. 69.90.132[.]196:443
35. 89.171.146[.]30:4143
36. 108.166.114[.]38:4443
37. 138.197.255[.]18:4143