{
|
|
|
|
"Event": {
|
|
|
|
"analysis": "2",
|
|
|
|
"date": "2014-11-05",
|
|
|
|
"extends_uuid": "",
|
|
|
|
"info": "OSINT Banking Trojan DRIDEX Uses Macros for Infection blog post from Trend Micro",
|
|
|
|
"publish_timestamp": "1456154050",
|
|
|
|
"published": true,
|
|
|
|
"threat_level_id": "3",
|
|
|
|
"timestamp": "1415269308",
|
|
|
|
"uuid": "545b456e-b8a4-45e0-a895-41c7950d210b",
|
|
|
|
"Orgc": {
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f"
|
|
|
|
},
|
|
|
|
"Tag": [
|
|
|
|
{
|
|
|
|
"colour": "#004646",
"local": "0",
|
|
|
|
"name": "type:OSINT",
|
|
|
|
"relationship_type": ""
},
|
|
|
|
{
|
|
|
|
"colour": "#33FF00",
"local": "0",
|
|
|
|
"name": "tlp:green",
|
|
|
|
"relationship_type": ""
}
|
|
|
|
],
|
|
|
|
"Attribute": [
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267708",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "545b457c-0d98-4574-8c52-469c950d210b",
|
|
|
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267720",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "comment",
|
|
|
|
"uuid": "545b4588-c140-469c-b13f-4eff950d210b",
|
|
|
|
"value": "Data entered by David Andr\u00e9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267750",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "545b4594-0a98-4b30-8e30-42d3950d210b",
|
|
|
|
"value": "Dridex"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Antivirus detection",
|
|
|
|
"comment": "Trend Micro",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267776",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "text",
|
|
|
|
"uuid": "545b45c0-df7c-4297-8f2c-4b39950d210b",
|
|
|
|
"value": "TSPY_DRIDEX.WQJ"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-9f58-499e-a51d-413b950d210b",
|
|
|
|
"value": "c2c980297d985c0e62e461b76fa584e79a6b3822"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-da20-4cbc-b8e1-4aaa950d210b",
|
|
|
|
"value": "4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-7da4-412d-a291-4812950d210b",
|
|
|
|
"value": "cbd005db36efbdf3aeed5d26fad54554cd734da4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-d2ec-4309-9f47-409d950d210b",
|
|
|
|
"value": "bdc7c47001852a8e915f29eaebcf99ffa857c3b5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-54fc-45bf-a0fb-46ca950d210b",
|
|
|
|
"value": "b4f4b426457124ecfeec4d5b59b9c2a6c25baaf7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-de0c-4e6f-93af-4351950d210b",
|
|
|
|
"value": "b54b06e01c6f735e98d17b156ee8c7a2437b2d68"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-7314-417e-8a40-49a8950d210b",
|
|
|
|
"value": "f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-ad84-43be-9999-4160950d210b",
|
|
|
|
"value": "bf1fca6f81b3d5a9054ceab9a56c58f248560b34"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-87c0-4550-9fab-4d3e950d210b",
|
|
|
|
"value": "a7b1a30386928e6320c31279b3473610e0e96192"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-2624-488d-a557-461d950d210b",
|
|
|
|
"value": "01eeb1debb21dc8933e7b6c1280f7e3f87a88dd0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-8360-441e-8c22-4db1950d210b",
|
|
|
|
"value": "0f9c49e08683b811a6c713afc1a37b3a33f58fd8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-60f4-43a8-a152-4e10950d210b",
|
|
|
|
"value": "f3a65b6828bee8da06daeb1619b9f1265c4c38c7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-3ffc-4fd1-82c1-45bc950d210b",
|
|
|
|
"value": "ae6fe7d7e80d7271b902a482d1ece2a73f082eba"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f0-f514-481f-adc2-46f1950d210b",
|
|
|
|
"value": "46ff15b415407babb60becc19d259752c2be77cd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267824",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f1-faa4-4768-abe8-43ec950d210b",
|
|
|
|
"value": "911a77e67ababc355a2aa169149de88480ab1768"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267825",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b45f1-1dc0-42d3-8a58-41a2950d210b",
|
|
|
|
"value": "7714f4d42c7b1608be281cb288c07baf8ff35501"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415267900",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "545b463c-96e4-4244-905f-472f950d210b",
|
|
|
|
"value": "http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TSPY_DRIDEX.WQJ"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415268211",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "545b4773-2f60-4675-ac08-44fa950d210b",
|
|
|
|
"value": "https://www.virustotal.com/en/file/bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d/analysis/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415268233",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "545b4789-ccec-4dc6-b6f7-4b84950d210b",
|
|
|
|
"value": "62.75.184.70"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Network activity",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415268233",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "ip-dst",
|
|
|
|
"uuid": "545b4789-8524-46b7-ba8c-4849950d210b",
|
|
|
|
"value": "116.48.157.176"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415269308",
|
|
|
|
"to_ids": false,
|
|
|
|
"type": "link",
|
|
|
|
"uuid": "545b4bbc-4b2c-4a24-af11-065a950d210b",
|
|
|
|
"value": "https://malwr.com/analysis/OGY0MmQ4MmNhNDllNGFlOWExZTg5YjI3MzI3ZTcyNDk/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415269343",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "545b4bdf-4524-4339-ae0d-0ec3950d210b",
|
|
|
|
"value": "5fce64eb222aa41e4fb967e9d8fb6a22"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415269343",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha1",
|
|
|
|
"uuid": "545b4bdf-ce20-4271-b157-0ec3950d210b",
|
|
|
|
"value": "c2c980297d985c0e62e461b76fa584e79a6b3822"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Imported via the freetext import.",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1415269343",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "545b4bdf-0178-4414-98a7-0ec3950d210b",
|
|
|
|
"value": "bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455833217",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "56c64081-b468-4aca-9607-499a950d210f",
|
|
|
|
"value": "37e3ec6c9569bd7035b440c24af108fd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455833220",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "56c64084-84a8-441e-a019-5f51950d210f",
|
|
|
|
"value": "bb0b440cbac54114d04648be6f2fe26d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455833222",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "md5",
|
|
|
|
"uuid": "56c64086-c808-4ab2-8ae8-599c950d210f",
|
|
|
|
"value": "071b380d6b422dd83f14fa0a3bceb347"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455833219",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c64083-070c-4f29-9b4b-4d83950d210f",
|
|
|
|
"value": "59e49cd21ff679582fbd65dd904ac9197c0b3d9d38de64184f67aecdd2b24f84"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455833221",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c64085-9854-412c-9de4-59a4950d210f",
|
|
|
|
"value": "d6d846ae3751495ef398ce5af5facfb460ec76b0cb02992905576542d6e548d7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)",
|
|
|
|
"deleted": false,
|
|
|
|
"disable_correlation": false,
|
|
|
|
"timestamp": "1455833223",
|
|
|
|
"to_ids": true,
|
|
|
|
"type": "sha256",
|
|
|
|
"uuid": "56c64087-1b5c-4e66-a1f9-c651950d210f",
|
|
|
|
"value": "f1e40b2c8e6669a1886f33644e99e43f862c7225e8704a959a325fb333c13741"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}