Dridex Malware
ID: 9706578b-b38d-519d-aa08-0bdeb321d39f
STIX ID: report--9706578b-b38d-519d-aa08-0bdeb321d39f
Feed Name: CISA Cybersecurity Advisories
This Treasury/CISA alert summarizes active Dridex banking-trojan campaigns targeting the financial sector, describing distribution vectors (phishing with macro-enabled attachments, cloud/FTP-hosted payloads, and exploitation of CVE-2017-0199), technical capabilities (browser/API injection, credential theft, P2P exfiltration), links to ransomware activity (BitPaymer/Locky), attribution to criminal groups (Evil Corp/TA505), a list of IOCs (email addresses and IPs), and recommended mitigations for institutions and users.
