While Figure 1 above represents the email message volume since June 15, the following is a listing of example botnet IDs observed during in this period:ĭridex botnet 1124 (Switzerland targeting) - August 17ĭridex botnet 228 (UK, AU, FR targeting) - August 15-16ĭridex botnet 144 (Switzerland targeting) - August 11ĭridex botnet 1024 (Switzerland targeting) - August 10ĭridex botnet 1024 (Switzerland targeting) - August 9ĭridex botnet 1024 (Switzerland targeting) - August 2-3ĭridex botnet 1024 (Switzerland targeting) - July 29ĭridex botnet 1024 (Switzerland targeting) - July 26-27ĭridex botnet 124 (Switzerland targeting) - July 15ĭridex botnet 302 (UK targeting) - July 12ĭridex botnet 38923 - (Switzerland targeting) - July 7 Figure 1 shows relative message volumes for Dridex campaigns over the last two months.įigure 1: Indexed relative Dridex message volumes since mid-June 2016 However, this volume does not even approach the multimillion-message campaigns of May 2016. On August 15 and 16, the largest observed campaign since the middle of June delivered tens of thousands of messages, primarily targeting financial services and manufacturing organizations. Throughout July and August 2016, we have tracked a number of very small Dridex attachment campaigns, varying from single digits to a couple thousand messages each. In this post we’ll investigate the recent Dridex campaigns, including their message volumes and targeting, and provide possible reasons for changes in the mode of operation. The much lower volume suggests a higher degree of targeting, freeing the actors to pursue more lucrative malware attacks and leverage stolen information more effectively. More recently, though, Dridex email message volumes have dropped to a relative trickle, and a new geography of interest, Switzerland, has emerged. Even when the actors behind distribution of Dridex began distributing Locky ransomware in February, 2016, they would often switch between the two payloads or distribute them simultaneously. Since it was first detected in November 2014, Dridex has been one of the most prolific pieces of malware worldwide.
0 kommentar(er)
