DDI RULE 547
CRIDEX - HTTP (Request)
Overview
CRIDEX is a banking worm that targets banks around the world. Earlier versions were able to propagate via removable drives; newer versions no longer have this capability to spread by themselves. Some of the newer versions are downloaded via the Blackhole exploit kit. It monitors login pages and cookies and steals credentials. CRIDEX may also download and execute other malware. It accesses numerous URLs to download files or update itself. Some CRIDEX samples employ a domain generation algorithm (DGA), so the URLs they access change over time.
Technical Details
Attack Phase: Command and Control Communication
Protocol: HTTP
Risk Type: MALWARE
Threat Type: Malicious Behavior
Confidence Level: High
Severity: High (Outbound)
DDI Default Rule Status: Enable
Event Class: Callback
Event Sub Class: Bot
Behavior Indicator: Callback
APT Related: NO
Solutions