Threat Feed: Abuse.ch Feodo Tracker

By ingesting data from Feodo Tracker, Blumira’s platform stays informed about related threat intelligence to help you quickly detect and block malicious botnet servers associated with Dridex, Emotet/Heodo malware variants.

Threat Intelligence Feed: Abuse.ch Feodo Tracker

Abuse.ch helps internet service providers and network operations protect their infrastructure from malware.

One of their projects is Feodo Tracker. It offers various blocklists to help inform and enable network owners to protect users and organizations from certain types of malware, including Dridex and Emotet/Heodo.

Dridex is a malware variant that steals banking credentials using Microsoft Office. Attackers can steal credentials and other personal information by sending spam emails to a user's computer, then infecting their computer via a Microsoft Word attachment. Once opened, a macros installs Dridex malware on their system.

Emotet/Heodo originated as a banking Trojan seeking to steal credentials. Now it works as a type of malware that enables attackers to gain access to systems and download additional malware. It can receive commands from a control server, update or delete itself, log keystrokes, launch Distributed Denial of Service (DDoS) attacks, or act as ransomware.

These types of malware have been associated with campaigns that require continuous code and attack vector updates regularly in order to evade detection (Fortinet).