Objective: to block the partial mobilization against Ukraine, hitting logistics and communications. The group is part of IT Army of Ukraine.
Technical analysis by the Malware Hunter JAMESWT
Dridex is back with an invoice-themed campaign
A new Dridex campaign uses fake invoices that appear to come from a real company. The email contains an xlsm file.
The image of the fake invoice
If opened, the file contacts a link from an internal list and downloads the DLL, which starts the malware infection. Dridex is a very dangerous banking Trojan used by cybercriminals; it has long featured in campaigns all over the world, especially ones themed around couriers and invoices. The targets are mainly, but not only, companies.
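An added example, not from the original article or from JAMESWT's analysis: a minimal mail-gateway triage for the kind of attachment described above, flagging a macro-enabled workbook that also carries a list of URLs. The function names, size cap, quarantine rule and sample hosts are assumptions, and the sample workbook is constructed.

```python
import io
import re
import zipfile

MACRO_PARTS = ("xl/vbaProject.bin", "xl/macrosheets/")  # VBA project, Excel 4.0 macro sheets
SCHEMA_HOSTS = ("schemas.openxmlformats.org", "schemas.microsoft.com", "purl.org", "www.w3.org")
URL_RE = re.compile(rb"https?://[^\s\"'<>\x00]+", re.IGNORECASE)
MAX_PART_SIZE = 20 * 1024 * 1024  # assumed cap: skip oversized parts (zip-bomb guard)


def triage_workbook(data: bytes) -> dict:
    """List macro-bearing parts and plaintext URLs inside an OOXML workbook."""
    macro_parts, urls = [], set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.startswith(MACRO_PARTS):
                macro_parts.append(info.filename)
            if info.file_size > MAX_PART_SIZE:
                continue
            for raw in URL_RE.findall(zf.read(info)):
                url = raw.decode("ascii", "replace")
                # XML namespace URIs are not network indicators; drop them.
                if not any(host in url for host in SCHEMA_HOSTS):
                    urls.add(url)
    return {
        "macro_parts": macro_parts,
        "urls": sorted(urls),
        # Assumed rule: macro-enabled workbook that also carries URLs is held for analysis.
        "quarantine": bool(macro_parts) and bool(urls),
    }


def build_sample(with_macro: bool) -> bytes:
    """Constructed test workbook; hosts and paths are made up."""
    shared = (b'<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
              b"<si><t>https://files.example.invalid/a/inv.dll</t></si>"
              b"<si><t>https://cdn.example.invalid/b/inv.dll</t></si></sst>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", b"<Types/>")
        zf.writestr("xl/sharedStrings.xml", shared)
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_workbook(build_sample(with_macro=True)))
```

Plaintext matching does not see URLs stored inside the compressed VBA streams of `vbaProject.bin` or assembled at run time, so a macro-aware parser is still needed for those.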