{
"type" : "bundle" ,
"id" : "bundle--58ab3fb6-6c3c-49e3-8294-b3f202de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:18:19.000Z" ,
"modified" : "2017-02-20T19:18:19.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--58ab3fb6-6c3c-49e3-8294-b3f202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:18:19.000Z" ,
"modified" : "2017-02-20T19:18:19.000Z" ,
"name" : "OSINT - The Rise of Dridex and the Role of ESPs" ,
"published" : "2017-02-20T19:18:35Z" ,
"object_refs" : [
"observed-data--58ab3fed-8664-47ac-b60c-444e02de0b81" ,
"url--58ab3fed-8664-47ac-b60c-444e02de0b81" ,
"x-misp-attribute--58ab4023-6630-4448-a573-4ee402de0b81" ,
"indicator--58ab4053-54f8-44b6-9e2b-4a3102de0b81" ,
"indicator--58ab4053-4780-4e80-b48b-4b1b02de0b81" ,
"indicator--58ab4054-4580-4a28-8122-445202de0b81" ,
"indicator--58ab4055-a368-4f79-b8e1-45a002de0b81" ,
"indicator--58ab4056-3390-43d0-9d25-4c3f02de0b81" ,
"indicator--58ab4057-593c-40e8-b9f3-43b802de0b81" ,
"indicator--58ab4058-6bd0-418d-a485-446102de0b81" ,
"indicator--58ab4058-11b0-49c0-97de-4dbe02de0b81" ,
"indicator--58ab4059-2f24-48c6-8b5e-4cd402de0b81" ,
"indicator--58ab405a-8ecc-4329-962d-4d9b02de0b81" ,
"indicator--58ab405b-3b58-4ce5-b80e-48bd02de0b81" ,
"indicator--58ab405b-21a4-4dd2-8f00-4df002de0b81" ,
"indicator--58ab405c-2b20-4376-ad58-4ce702de0b81" ,
"indicator--58ab405d-4ee0-48f5-a7ce-44d702de0b81" ,
"indicator--58ab405e-c340-41a5-bf64-490002de0b81" ,
"indicator--58ab405e-03ac-4b58-91c0-4c7102de0b81" ,
"indicator--58ab405f-bfbc-461e-9a9a-4e8a02de0b81" ,
"indicator--58ab4060-5550-4968-bc53-414202de0b81" ,
"indicator--58ab4061-c8fc-4d17-ac46-413802de0b81" ,
"indicator--58ab4061-01cc-429c-8931-40d802de0b81" ,
"indicator--58ab4062-0eb8-4397-81d9-4be402de0b81" ,
"indicator--58ab4063-4f9c-4a5d-8e44-4bf402de0b81" ,
"indicator--58ab4064-be9c-41a1-987c-433902de0b81" ,
"indicator--58ab4078-9f34-471d-bdeb-410102de0b81" ,
"indicator--58ab4078-e588-4f2b-937b-413e02de0b81" ,
"indicator--58ab409e-d2d0-4b6f-878a-49aa02de0b81" ,
"indicator--58ab409e-c224-41bb-8058-45bd02de0b81" ,
"observed-data--58ab40c9-d044-42d6-a243-b3f302de0b81" ,
"file--58ab40c9-d044-42d6-a243-b3f302de0b81" ,
"artifact--58ab40c9-d044-42d6-a243-b3f302de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:threat-actor=\"Anunak\"" ,
"misp-galaxy:tool=\"Dridex\"" ,
"osint:source-type=\"blog-post\"" ,
"circl:topic=\"finance\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58ab3fed-8664-47ac-b60c-444e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:14:10.000Z" ,
"modified" : "2017-02-20T19:14:10.000Z" ,
"first_observed" : "2017-02-20T19:14:10Z" ,
"last_observed" : "2017-02-20T19:14:10Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58ab3fed-8664-47ac-b60c-444e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"admiralty-scale:source-reliability=\"b\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58ab3fed-8664-47ac-b60c-444e02de0b81" ,
"value" : "https://www.govcert.admin.ch/blog/28/the-rise-of-dridex-and-the-role-of-esps"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--58ab4023-6630-4448-a573-4ee402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:17:53.000Z" ,
"modified" : "2017-02-20T19:17:53.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\"" ,
"admiralty-scale:source-reliability=\"b\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Last week, we warned Swiss citizens about a new malspam run targeting exclusively Swiss internet users. The attack aimed to infect them with Dridex. Dridex is a sophisticated eBanking Trojan that emerged from the code base of Bugat / Cridex in 2014. Despite takedown attempts by the security industry and several arrests conducted by the FBI in 2015, the botnet is still very active. In 2016, MELANI / GovCERT.ch became aware of a handful of highly sophisticated attacks against small and medium businesses (SMB) in Switzerland aiming to steal large amounts of money by targeting offline payment software. During our incident response in 2016, we could identify Dridex to be the initial infection vector, which had arrived in the victim\u2019s mailbox by malicious Office Word documents, and uncovered the installation of a sophisticated malware called Carbanak, used by the attacker for lateral movement and conducting the actual fraud. Between 2013 and 2015, the Carbanak malware was used to steal approximately 1 billion USD from banks worldwide."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4053-54f8-44b6-9e2b-4a3102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:31.000Z" ,
"modified" : "2017-02-20T19:15:31.000Z" ,
"description" : "On port 1843" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.235.76.95']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4053-4780-4e80-b48b-4b1b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:31.000Z" ,
"modified" : "2017-02-20T19:15:31.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.209.34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4054-4580-4a28-8122-445202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:32.000Z" ,
"modified" : "2017-02-20T19:15:32.000Z" ,
"description" : "On port 4431" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '159.226.92.9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4055-a368-4f79-b8e1-45a002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:33.000Z" ,
"modified" : "2017-02-20T19:15:33.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.196.157.250']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4056-3390-43d0-9d25-4c3f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:34.000Z" ,
"modified" : "2017-02-20T19:15:34.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.195.0.12']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4057-593c-40e8-b9f3-43b802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:35.000Z" ,
"modified" : "2017-02-20T19:15:35.000Z" ,
"description" : "On port 3101" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.150.118.25']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4058-6bd0-418d-a485-446102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:36.000Z" ,
"modified" : "2017-02-20T19:15:36.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.127.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4058-11b0-49c0-97de-4dbe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:36.000Z" ,
"modified" : "2017-02-20T19:15:36.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.99.60.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4059-2f24-48c6-8b5e-4cd402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:37.000Z" ,
"modified" : "2017-02-20T19:15:37.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.35.178.115']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab405a-8ecc-4329-962d-4d9b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:38.000Z" ,
"modified" : "2017-02-20T19:15:38.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.177.114.30']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab405b-3b58-4ce5-b80e-48bd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:39.000Z" ,
"modified" : "2017-02-20T19:15:39.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '154.0.171.105']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab405b-21a4-4dd2-8f00-4df002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:39.000Z" ,
"modified" : "2017-02-20T19:15:39.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.208.65.134']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab405c-2b20-4376-ad58-4ce702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:40.000Z" ,
"modified" : "2017-02-20T19:15:40.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.130.131.55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab405d-4ee0-48f5-a7ce-44d702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:41.000Z" ,
"modified" : "2017-02-20T19:15:41.000Z" ,
"description" : "On port 4433" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.236.97.60']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab405e-c340-41a5-bf64-490002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:42.000Z" ,
"modified" : "2017-02-20T19:15:42.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.167.136.139']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab405e-03ac-4b58-91c0-4c7102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:42.000Z" ,
"modified" : "2017-02-20T19:15:42.000Z" ,
"description" : "On port 5353" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.20.67.87']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab405f-bfbc-461e-9a9a-4e8a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:43.000Z" ,
"modified" : "2017-02-20T19:15:43.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.222.56.155']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4060-5550-4968-bc53-414202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:44.000Z" ,
"modified" : "2017-02-20T19:15:44.000Z" ,
"description" : "On port 4043" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.51.232.176']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4061-c8fc-4d17-ac46-413802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:45.000Z" ,
"modified" : "2017-02-20T19:15:45.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.0.26.34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4061-01cc-429c-8931-40d802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:45.000Z" ,
"modified" : "2017-02-20T19:15:45.000Z" ,
"description" : "On port 8343" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.139.21.245']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4062-0eb8-4397-81d9-4be402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:46.000Z" ,
"modified" : "2017-02-20T19:15:46.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.17.3.237']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4063-4f9c-4a5d-8e44-4bf402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:47.000Z" ,
"modified" : "2017-02-20T19:15:47.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.155.55.211']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4064-be9c-41a1-987c-433902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:15:48.000Z" ,
"modified" : "2017-02-20T19:15:48.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.130.54.90']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:15:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4078-9f34-471d-bdeb-410102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:16:08.000Z" ,
"modified" : "2017-02-20T19:16:08.000Z" ,
"description" : "Dridex payload:" ,
"pattern" : "[url:value = 'https://talofinancial-my.sharepoint.com/personal/ashleigh_schipp_talofinancial_com_au/_layouts/15/guestaccess.aspx?docid=07697c8afb3e544808bf527394eb7154b&authkey=Adh6QVItbnSLOpXvxh_BfCs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:16:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab4078-e588-4f2b-937b-413e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:16:08.000Z" ,
"modified" : "2017-02-20T19:16:08.000Z" ,
"description" : "Dridex payload:" ,
"pattern" : "[url:value = 'https://yemposolutions-my.sharepoint.com/personal/amor_novicio_yempo-solu-tions_com/_layouts/15/guestaccess.aspx?docid=0ce03b9fd12d949cf91f56a7d1fbf4b93&authkey=ASOCPusN_QaBSXcCPxEkT9s']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:16:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab409e-d2d0-4b6f-878a-49aa02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:16:46.000Z" ,
"modified" : "2017-02-20T19:16:46.000Z" ,
"description" : "JS download" ,
"pattern" : "[url:value = 'https://jensenbowers-my.sharepoint.com/personal/leeanderson_jensenbowers_com_au/_layouts/15/download.aspx?docid=068187f5a930340c89e3b7c5c9b9c24f7&authkey=AarHUbAy66DSX08VzRPQ25w']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:16:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58ab409e-c224-41bb-8058-45bd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:16:46.000Z" ,
"modified" : "2017-02-20T19:16:46.000Z" ,
"description" : "JS download" ,
"pattern" : "[url:value = 'https://jensenbowers-my.sharepoint.com/personal/leeanderson_jensenbowers_com_au/_layouts/15/guestaccess.aspx?docid=068187f5a930340c89e3b7c5c9b9c24f7&authkey=AarHUbAy66DSX08VzRPQ25w']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-20T19:16:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58ab40c9-d044-42d6-a243-b3f302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-20T19:17:29.000Z" ,
"modified" : "2017-02-20T19:17:29.000Z" ,
"first_observed" : "2017-02-20T19:17:29Z" ,
"last_observed" : "2017-02-20T19:17:29Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--58ab40c9-d044-42d6-a243-b3f302de0b81" ,
"artifact--58ab40c9-d044-42d6-a243-b3f302de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--58ab40c9-d044-42d6-a243-b3f302de0b81" ,
"name" : "infection_chain.jpg" ,
"content_ref" : "artifact--58ab40c9-d044-42d6-a243-b3f302de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--58ab40c9-d044-42d6-a243-b3f302de0b81" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A g A A Z A B k A A D / 7 A A R R H V j a 3 k A A Q A E A A A A P A A A / + 4 A J k F k b 2 J l A G T A A A A A A Q M A F Q Q D B g o N A A D Z f Q A B c W c A A l G r A A N J f P / b A I Q A B g Q E B A U E B g U F B g k G B Q Y J C w g G B g g L D A o K C w o K D B A M D A w M D A w Q D A 4 P E A 8 O D B M T F B Q T E x w b G x s c H x 8 f H x 8 f H x 8 f H w E H B w c N D A 0 Y E B A Y G h U R F R o f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f H x 8 f / 8 I A E Q g F 6 g W m A w E R A A I R A Q M R A f / E A R M A A Q A C A w E B A Q A A A A A A A A A A A A A B B A I D B Q Y H C A E B A Q A D A Q E A A A A A A A A A A A A A A A E C A w Q F B h A A A A U D A Q Y F A w Q C A w A C A w E A A A E C A w Q R E g U Q I E A x E x Q G M F B g M h U h N D V w Q T M W I j Z C I y Q l R r D A Q y Y R A A I B A g Q B B g g L B A g E B Q M E A w E C A w A R I T E S B B N B U W F x I j I Q Q I G R s c E U B S A w U K H R Q l J y I z M 0 Y G K S c 3 D w 4 Y K y w k M k 8 V O T s 6 L i g 3 Q V 0 m O j 8 k Q l B m S E N R I A A Q M C B A Y C A w E A A A A A A A A A E Q A B I R B w I G A x Y V C A k L D A Q T C g U Q I S I h M B A A I B A g Q E B g M B A Q E B A Q E A A Q A R I T F h E E F R c S A w 8 K F A U I G R s d F g w f H h c I C Q s M D / 2 g A M A w E A A h E D E Q A A A f e Y A A A A A A A A A A A A A A A A A A B I A A A A A A A B I A A A A A A A A A A A A A A A A A I A A A A A A A A I A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B J A A A A A A A A A A A A A A A A A B I A A A A A A A J A A A A A A A A A A A A A A A A A A A A A B A A A A A A A B A A A A A A A A A A A A A A B i Z A 5 p 0 i s Y m Z Y A A B U B b A O I d s A A w M w A A A A A A C S A A A A A A A A A A A A A A A A C Q A A A A A A C Q A A A A A A A A A A A A A A A A A A A A A A A A Q A A A A A A A Q A A A A A A A A A A A A e O r Y X T z p f M D A u n L B Z P b 
w P K 1 R N J g d E q l g 4 Z 3 z i H R P W R T P P V 3 I 7 w A A A A A A J I A A A A A A A A A A A A A A A J A A A A A A B I A A A A A A A A A A A A A A A A A A A A A A A A A A A I A A A A A A B A A A A A A A A A A A B i a z c e U r p x T r a a j I t Q O w D z l Y m A M g a T o R W o X Y 7 A K x Z A A A A A A A J I A A A A A A A A A A A A A A J A A A A A A J A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B A A A A A A I A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B J A A A A A A A A A A A A A A J A A A A A B I A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A I A A A A A B A A A A A A A A A A A A A A A B z a t R Y A A A A A A A A A A A A A A J I A B 87 y d A 97 G g w L B k A A C g S Y H S A A A A A A A A A A A A A A B I A A A A A A A A A A A A A A A A A A A A A A A I A A A A A A A A A A A A A A B A A A A A A A B X i A A A f P s n a j 0 8 A A A A A A A A A A A A A A S Q A D 5 J n O s v 1 H F 8 P r 0 x 7 Q 1 m Z S P R R 5 + r h 5 o s F c 95 A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A E A A A A A A A q x i A A D 59 k 7 U e n g A A A A A A A A A A A A A C S A A f J M 51 l + o 4 v h 1 e j P R H k D z x 6 Q 9 S c g 8 k e g O 6 a j 3 k A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A Q A A A A A C r G I A A O b V q L A A A A A A A A A A A A A A B J A A P k m c 6 y / U c X x G v e m s g 8 k e y O U e c K h 6E7 p q P e Q A A A A A A A A A A A A A A A A A A A A A A A A J A A A B A A A A A A A A A A A A A A A A A A A A A A A A A A A I A A A A A K s Y g A A A A A A A A A A A A A A A A A E k A A + S Z z r L 9 R x c W q x 1 D Y V i 1 A 4 p e N p v M S 6 A A A A A A A A A A A A A A A A A A A A S A A A A A A A A A A A A C A A A A A A A A A A A A A A A A A A A A A A A Q A A A A C r G I A A P G Z O v H c g A A A A A A A A A A A A A C S A A W a G Y A A B I A A A A A A A A A A A A A A A A A A A A J A A A A A A A A A 
A A A A A A A A B A A A A A A A A A A A A A A A A A A A A A I A A A A K s Y g A A + f Z O 1 H p 4 A A A g E g A A A A A A A A A k g A F y g A A J A A A A A A A A A A A A A A A A A A A B I A A A A A A A A A A A A A A A A A A A A B A A A A A A A A A A A A A A A A A A A A B A A A B V j E A A H z 7 J 2 o 9 P A A A 5 l W Y 3 H K r s w A A A A A A A A B J A A L l A A C Q A A A A A A A A A A A A A A A A A A S A A A A A A A A A A A A A A A A A A A A A A A A C A A A A A A A A A A A A A A A A A A A Q A A C r G I A A P n 2 T t x 6 a A A B 5 m u z G i q p 1 I t A A A A A A A A A k g A F y g A J A A A A A A A A A A A A A A A A A B I A A A A B l k k A A A A A A A A A A A A A A i M Y A A A A A A g y r K g A A A A A A A A A A A A A B h E Q A I A A K s Y g A A 51 W o 3 g A H N r x t d c 6 c e V r v R 6 s k A x j A g A A A A A E k A A u U A J A A A A A A A A A A A A A A A A A J A A A A A A r d W G W v D L E A A A A A A A A A A A A D f h s 1 z L D E A A A A A A J r f Z W 2 a g A A A A A A A A A A A A J L G v d X i I A A g A F W M Q A A A A A a D j V J h V g q n o i g d 2 B i S V 4 w A A A A A B J A A L l A S A A A A A A A A A A A A A A A A C Q A A A A A A K 3 V R 38 t b P U A A A A A A A A A A A A B 0 d P T n r 3 Y Y g A A A A A B N b c s e R 0 8 Q A A A A A A A A A A A A E r 2 O X u r x E A A C A C r G I A A P F Z O x H d g A V S y c a t V c 8 u n r Y q V b j E y J K 0 Y A A A A A A k g A F y h I A A A A A A A A A A A A A A A J A A A A A A A A F b q o 7 + W l n r 8 f r 25 J t q v L 6 X P X 0 L i A A A A A N + O z Z j l h Z l L J o z 167 i B 0 d P T n r 3 Y Y g B h l j p 26 b O j o A A A E 1 t y x 5 H T x e c w 2 Q d P L H j 45 + i y 16 z f W x A A A A N 2 O e c y y l A A A w s 1 Z Y d b m 7 a 8 R A i y v t 0 b t e 3 P H M Q C r G I A A P n 2 T t R 6 e A A N B t P M 5 O W e 8 M Y t k G w A r R g A A A A A C S A A X K k A A A A A A A A A A A A A A A E g A A A A A A A A V u q j v 5 a 2 e r w G r f 6 f P X 5 n H Z v T 1 m e u 3 c Q A A A A J W 5 q 3 D C 45 T K T C y r s 0 g d H T 0 5692 
G I R Z X 3 a N G 3 T l j l e 5 e w A A A T W 3 L H k d P F 4 / D b 1 r j 4 z X t 6 G U 3 J S l 7 m W H q M 9 Y A A A F n D b n L B l K A B h Z n L W z 19 X n 7 K 8 R G n b p r 7 t G N x u c 3 Z s w z A g q x i A A D 59 k 7 U e n g A D E 5 N d O r U c e u u b 4 k w M i S t G A A A A A A J I A B d o A A A A A A A A A A A A A A C Q A A A A A A A A A T W 2 q O / l 5 m W v y 2 G 3 q Z Y j s 5 Y b k A w X N A A A B t x z 3 Y 5 j C z K W Q V s 9 W N g 6 O n p z 17 s I 0 b N N f d o x u I y m V n T 0 A b M M 4 I s A 2 S 7 q 5 H T x c r H P O z h 4520 s 2 V Z e n l j 0 b i A A A B Z w 27 M c o M b M 5 R F k G U o r Z 6 + r z 9 l T L C p u 5 s M s A N + r f l j k A N J A A A P N V f j r A A A m L L J L k A A Q R Z o Y 4 U A A G r b M o A E k A A u 0 A A A A A A A A A A A A A B I A A A A A A A A B I A r b V H f y 1 s 9 X m M N l 6 z n z K r L 18 s L d n O m X G x y 7 O W O 1 K s v Q s q L b T n S 619 P H S m Q i y Z Q K 2 z V r u I 6 O n p n D Z Q 38 u G W A A A A u c / X X 26 N e e s C 3 p 6 L m G 3 k d P F 47 X t 2 V 2 s s N U u 2 z k 455 J d s s W c n H L q Z Y 6 Z a 0 u o 6 d n V y w s 4 b d m O Q i s L j M s W b M c g K 2 z V t w z r b N Q A A A A A A A A A p c / d 53 y v o q + n p v d P B 6 T 1 / m 9 u e r Z L M o A A E W Y W Q g A A y 5 e y c M w A J I A B d o A A A A A A A A A A A A C Q A A A A A A A A S A A B W 2 q O / l o Z 6 / G a 9 u w 7 O W H J x y t W c + Z b k h c k A 1 L T l 1 n Z y x o y / Q r j u x z A A F b Z q 13 E d H T 0 5 a 9 t T b o 0 b d M I A A B d 5 + u v t 0 a s 9 Y F v T 0 X M N v I 6 e K p M v D a 9 t u z m z L u 5 Y V J c D s X H k T L s 5 Y 87 H L J A B 7 H Z q s 4 b d m O W N k k y g Y W Z S y V s 9 d 7 V 0 U N v P h l g A A A A A A A A N e G 3 x X z 323 r u 7 y O 50 c H z H x / q r / T 5 / r v d + Q A A A A A A A A y 5 e y c M w A J I A B d o A A A A A A A A A A A A S A A A A A A A C Q A A A K G 2 q O / l q 56 + D j n c u N e X E z N h X L d m 8 A H M l u W W D U W M N n V l A A F b Z q 13 E d H T 0 5692 M Y X G r v 5 t W e s Z 452 d O + n 0 
c o u 8 / X X 26 N W e v P H O 1 p 6 M 5 l v O R 0 8 X C x z y N x o M y 1 Z R l s F m z m y 9 C z A 3 o
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}