{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T14:54:43Z","timestamp":1763477683429,"version":"3.28.0"},"reference-count":29,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016,8]]},"DOI":"10.1109\/issa.2016.7802932","type":"proceedings-article","created":{"date-parts":[[2017,1,2]],"date-time":"2017-01-02T16:21:42Z","timestamp":1483374102000},"page":"77-84","source":"Crossref","is-referenced-by-count":11,"title":["Dridex: Analysis of the traffic and automatic generation of IOCs"],"prefix":"10.1109","author":[{"given":"Lauren","family":"Rudman","sequence":"first","affiliation":[]},{"given":"Barry","family":"Irwin","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"journal-title":"FBI Security Vendors Partner for DRIDEX Takedown Blog Post Trend Micro","year":"0","key":"ref10"},{"journal-title":"The Dridex botnet ain't done yet say researchers News Article Graham Cluley","year":"0","author":"bisson","key":"ref11"},{"key":"ref12","article-title":"Dridex: Tidal waves of spam pushing dangerous financial trojan","author":"obrien","year":"2016","journal-title":"Symantec White Paper"},{"journal-title":"Dridex botnet distributor now serves avira Blog post Avira","year":"0","author":"frink","key":"ref13"},{"journal-title":"Dridex botnet spreading locky ransomware via javascript attachments News Article Security Week","year":"0","author":"news","key":"ref14"},{"journal-title":"Dridex botnet hacked delivers dummy file Online Article Help Net Security","year":"0","author":"zorz","key":"ref15"},{"journal-title":"Dridex botnet alive and well now also spreading ransomware Online Article Help Net Security","year":"0","author":"zorz","key":"ref16"},{"journal-title":"MITRE About STIX The MITRE Corporation [Online]","year":"0","key":"ref17"},{"journal-title":"(2015) 
ObservableTypeCYBOX CORE SCHEMA MITRE","year":"0","key":"ref18"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978682"},{"journal-title":"[Online]","year":"0","key":"ref28"},{"journal-title":"US-CERT (2015 October) Alert (TA15–286A) Dridex P2P Malware Online Article US-CERT","year":"0","key":"ref4"},{"journal-title":"(2015 February) 2015–02-02-malspam run pushes chanitor-subject Logmein promo code-get 50MALWARE-TRAFFIC-ANALYSIS NET","year":"0","author":"duncan","key":"ref27"},{"article-title":"Sharing indicators of compromise: An overview of standards and formats","year":"0","author":"harrington","key":"ref3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2013.08.006"},{"journal-title":"[Online]","year":"0","key":"ref29"},{"journal-title":"Cuckoo Malware Analysis","year":"2013","author":"oktavianto","key":"ref5"},{"journal-title":"Oasis advances automated cyber threat intelligence sharing with stix taxii cybox Blog Post OASIS","year":"0","author":"geyer","key":"ref8"},{"key":"ref7","first-page":"177","article-title":"Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware","author":"chen","year":"0"},{"journal-title":"Cyber threat information sharing recommendations for congress and the administration CSIS","year":"2015","author":"denise","key":"ref2"},{"journal-title":"DRIDEX and how to overcome it Blog Post Symantec","year":"0","author":"sanghavi","key":"ref9"},{"journal-title":"Nist special publication 800–150 (draft) guide to cyber threat information sharing (draft)","year":"2014","author":"johnson","key":"ref1"},{"key":"ref20","first-page":"833","article-title":"Dns traffic analysisedn and the world ipv6 launch","volume":"8","author":"fujiwara","year":"2013","journal-title":"Information and Media Technologies"},{"journal-title":"Learning from the Dridex Malware-Adopting a Effective 
Strategy","year":"2015","author":"teo","key":"ref22"},{"key":"ref21","article-title":"Measuring and detecting fast-flux service networks","author":"holz","year":"2008","journal-title":"NDSS"},{"journal-title":"Upatre\/Dyre-the daily grind of botnet-based malspam Forum Post SANS ISC InfoSec","year":"0","author":"duncan","key":"ref24"},{"journal-title":"(2015 July) ‘Changed Identification Numbers’ ‘Hilton Hotel’ SPAM Zombie ‘Orkut’ Phish … Forum Post Spybot","year":"0","key":"ref23"},{"journal-title":"[Online]","year":"0","key":"ref26"},{"journal-title":"[Online]","year":"0","key":"ref25"}],"event":{"name":"2016 Information Security for South Africa (ISSA)","start":{"date-parts":[[2016,8,17]]},"location":"Johannesburg, South Africa","end":{"date-parts":[[2016,8,18]]}},"container-title":["2016 Information Security for South Africa (ISSA)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7786562\/7802913\/07802932.pdf?arnumber=7802932","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,1,10]],"date-time":"2017-01-10T19:29:58Z","timestamp":1484076598000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7802932\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,8]]},"references-count":29,"URL":"https:\/\/doi.org\/10.1109\/issa.2016.7802932","relation":{},"subject":[],"published":{"date-parts":[[2016,8]]}}}