2021-02-10 Dridex IOCs

1. THREAT ATTRIBUTION: DRIDEX
2.  
3. SUBJECTS OBSERVED
4. Updated Invoice(s) with Adjustment
5.  
6. SENDERS OBSERVED
7. [email protected]
8.  
9. DOCUMENT FILE HASHES
10. INV3104508191.xlsm
11. 087ab72bddf5ddc2b92322833a478dd7
12.  
13. DRIDEX PAYLOAD URLS
14. https://coachboom.mhtechnologies.us/cpwjurqt.zip
15.  
16. DRIDEX PAYLOAD FILE HASH
17. cpwjurqt.zip
18. dc0034ec0c1c3c74e3396a8313ebde01
19.  
20. It's really a .dll file not a .zip file
21. cnxlsycx.dll
22. dc0034ec0c1c3c74e3396a8313ebde01
23.  
24. DRIDEX C2s
25. 77.220.64.132:443
26. 212.227.53.240:5037
27.  
28. SUPPORTING EVIDENCE
29. https://app.any.run/tasks/298327f5-1565-4d8b-b120-2fd792ad0ce0/
30. https://urlhaus.abuse.ch/url/998960/