TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Dridex Update: Moving to US Financials with VNC

2016-04-26

ATT&CK techniques detected

2 predictions
T1021.005 VNC · 73%
“and the appropriate function is called. static code analysis of a “vncstartserver” call: runtime debugging view: once the vnc server is started, the fraudster is able to remotely connect and use the victim’s machine. tested md5: f6a9835201d5cae894863a46bbf12d69”
T1185 Browser Session Hijacking · 32%
“dridex update: moving to us financials with vnc the dridex target list was significantly expanded (129 redirect and injection directives), mainly focusing on u.s. financial institutes, form-grabbing targets on social media sites (which are also related to the united states…”

Summary

Ongoing campaign analysis has revealed that Dridex malware's latest focus has strongly shifted in recent months to US banks.