Trusted Design

Hacked Thailand based college used as Node for Dridex Botnet

概要

Dridex Node: http://203.172.180.195:8008/sezamstreet/ziliboba.php; Uses Microsoft Word documents which were previously used in past Dridex campaigns and embeds a compressed OLE document (ActiveMime), with VBA auto open macros, within a Mime MSO XML document. After visting URL: http://203.172.180.195:8008/sezamstreet/ziliboba.php filename coffee.exe gets download on user system. IpAddress 203.172.180.195 resolves to http://www.ltc.ac.th and it is possible that website can be vulnerable to multiple vulnerabilities which lead to compromise of website. Server on IpAddress 203.172.180.195 locally connects to IpAddress :95.211.241.118:8500.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

• Dridex Download URL from Malicious Macro - 05/05/2016 (score: 0.63)
• Dridex Botnet 220 - From Techlist (score: 0.58)
• Probing for Wordpress installations & other web vulnerabilities (score: 0.58)
• Malicious URL Botnets (score: 0.57)
• New Internet Explorer zero-day exploited in Hong Kong attacks (score: 0.57)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る