New Dridex Variant Evading Traditional Antivirus
released on 2019-07-01 @ 01:16:07 PM
Malware researcher Brad Duncan recently reported his analysis of a new Dridex variant he observed on June 17th. The malware uses an application whitelisting bypass technique to get around mitigations that disable or block Windows Script Host. The technique takes advantage of the weak execution policy that the WMI command-line (WMIC) utility applies to XSL scripts.
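For defenders, one way to hunt for this behaviour in process-creation telemetry is to flag WMIC invocations whose `/format` switch names something other than a built-in output format. The sketch below is an added example, not code from the original report; the event field names, the allowlist of built-in formats and the sample events are assumptions constructed for illustration.

```python
import re

# Format keywords WMIC maps to its own bundled stylesheets. Assumed allowlist:
# confirm against `wmic /format /?` on your build and extend as needed.
BUILTIN_FORMATS = {"csv", "hform", "htable", "list", "mof", "rawxml",
                   "table", "value", "xml"}

# Matches /format:<value>, where the value may be quoted.
FORMAT_RE = re.compile(r'/format\s*:\s*(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def is_wmic(image):
    """True when the process image's file name is wmic.exe, whatever its path."""
    name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name == "wmic.exe"

def custom_stylesheet(event):
    """Return the stylesheet WMIC was told to load, or None if nothing stands out."""
    if not is_wmic(event["image"]):
        return None
    match = FORMAT_RE.search(event["command_line"])
    if match is None:
        return None
    value = (match.group(1) if match.group(1) is not None else match.group(2)).strip()
    if value.lower() in BUILTIN_FORMATS:
        return None
    return value

def scan(events):
    """Return (host, parent, stylesheet) for every event worth an analyst's look."""
    hits = []
    for event in events:
        sheet = custom_stylesheet(event)
        if sheet is not None:
            hits.append((event["host"], event["parent"], sheet))
    return hits

# Constructed sample events; field names are assumptions, not a product schema.
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": "cmd.exe", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "command_line": "wmic os get caption /format:list"},
    {"host": "WS-02", "parent": "cmd.exe", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "command_line": r'wmic os get /FORMAT:"C:\Users\Public\sample.xsl"'},
    {"host": "WS-03", "parent": "explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Temp\format.xsl"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("review:", hit)
```

Matching on the file name misses renamed copies of the binary, so where the telemetry records the original file name from the executable's version information, match on that as well.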