2017-01-23 Dridex Malware from Malspam

Here is an example of some Dridex malspam that I was able to analyze yesterday. As usual, the artifacts and such can be found over in my GitHub repo.

IOCs:
=====
relish.net / 81.91.205.168 (Port 443)
www1.relish.net / 81.91.205.167 (Port 443)
u4593764.ct.sendgrid.net / 167.89.125.30
agfirstnz-my.sharepoint.com, prodnet329-325selectora0000.sharepointonline.com.akadns.net / 104.146.164.65…
