misp-circl-feed/feeds/circl/misp/58ab3fb6-6c3c-49e3-8294-b3f202de0b81.json


{
"Event": {
"analysis": "2",
"date": "2017-02-20",
"extends_uuid": "",
"info": "OSINT - The Rise of Dridex and the Role of ESPs",
"publish_timestamp": "1487618315",
"published": true,
"threat_level_id": "3",
"timestamp": "1487618299",
"uuid": "58ab3fb6-6c3c-49e3-8294-b3f202de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#12e400",
"local": "0",
"name": "misp-galaxy:threat-actor=\"Anunak\"",
"relationship_type": ""
},
{
"colour": "#0da700",
"local": "0",
"name": "misp-galaxy:tool=\"Dridex\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#6edb00",
"local": "0",
"name": "circl:topic=\"finance\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618050",
"to_ids": false,
"type": "link",
"uuid": "58ab3fed-8664-47ac-b60c-444e02de0b81",
"value": "https://www.govcert.admin.ch/blog/28/the-rise-of-dridex-and-the-role-of-esps",
"Tag": [
{
"colour": "#075200",
"local": "0",
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618273",
"to_ids": false,
"type": "text",
"uuid": "58ab4023-6630-4448-a573-4ee402de0b81",
"value": "Last week, we have warned Swiss citizens about a new malspam run targeting exclusively Swiss internet users. The attack aimed to infect them with Dridex. Dridex is a sophisticated eBanking Trojan that emerged from the code base of Bugat / Cridex in 2014. Despite takedown attempts by the security industry and several arrests conducted by the FBI in 2015, the botnet is still very active. In 2016, MELANI / GovCERT.ch became aware of a handful of highly sophisticated attacks against small and medium businesses (SMB) in Switzerland aiming to steal large amounts of money by targeting offline payment software. During our incident response in 2016, we could identify Dridex to be the initial infection vector, which had arrived in the victim\u2019s mailbox by malicious Office Word documents, and uncovered the installation of a sophisticated malware called Carbanak, used by the attacker for lateral movement and conducting the actual fraud. Between 2013 and 2015, the Carbanak malware was used to steal approximately 1 billion USD from banks worldwide.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": "0",
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 1843",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618131",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4053-54f8-44b6-9e2b-4a3102de0b81",
"value": "109.235.76.95"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618131",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4053-4780-4e80-b48b-4b1b02de0b81",
"value": "136.243.209.34"
},
{
"category": "Network activity",
"comment": "On port 4431",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618132",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4054-4580-4a28-8122-445202de0b81",
"value": "159.226.92.9"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618133",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4055-a368-4f79-b8e1-45a002de0b81",
"value": "173.196.157.250"
},
{
"category": "Network activity",
"comment": "On port 8443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618134",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4056-3390-43d0-9d25-4c3f02de0b81",
"value": "178.195.0.12"
},
{
"category": "Network activity",
"comment": "On port 3101",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618135",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4057-593c-40e8-b9f3-43b802de0b81",
"value": "194.150.118.25"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618136",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4058-6bd0-418d-a485-446102de0b81",
"value": "195.22.127.26"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618136",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4058-11b0-49c0-97de-4dbe02de0b81",
"value": "82.99.60.26"
},
{
"category": "Network activity",
"comment": "On port 8443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618137",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4059-2f24-48c6-8b5e-4cd402de0b81",
"value": "89.35.178.115"
},
{
"category": "Network activity",
"comment": "On port 8443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618138",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab405a-8ecc-4329-962d-4d9b02de0b81",
"value": "179.177.114.30"
},
{
"category": "Network activity",
"comment": "On port 8443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618139",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab405b-3b58-4ce5-b80e-48bd02de0b81",
"value": "154.0.171.105"
},
{
"category": "Network activity",
"comment": "On port 8443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618139",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab405b-21a4-4dd2-8f00-4df002de0b81",
"value": "95.208.65.134"
},
{
"category": "Network activity",
"comment": "On port 8443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618140",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab405c-2b20-4376-ad58-4ce702de0b81",
"value": "81.130.131.55"
},
{
"category": "Network activity",
"comment": "On port 4433",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618141",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab405d-4ee0-48f5-a7ce-44d702de0b81",
"value": "77.236.97.60"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618142",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab405e-c340-41a5-bf64-490002de0b81",
"value": "198.167.136.139"
},
{
"category": "Network activity",
"comment": "On port 5353",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618142",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab405e-03ac-4b58-91c0-4c7102de0b81",
"value": "209.20.67.87"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618143",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab405f-bfbc-461e-9a9a-4e8a02de0b81",
"value": "213.222.56.155"
},
{
"category": "Network activity",
"comment": "On port 4043",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618144",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4060-5550-4968-bc53-414202de0b81",
"value": "216.51.232.176"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618145",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4061-c8fc-4d17-ac46-413802de0b81",
"value": "37.0.26.34"
},
{
"category": "Network activity",
"comment": "On port 8343",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618145",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4061-01cc-429c-8931-40d802de0b81",
"value": "37.139.21.245"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618146",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4062-0eb8-4397-81d9-4be402de0b81",
"value": "46.17.3.237"
},
{
"category": "Network activity",
"comment": "On port 8443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618147",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4063-4f9c-4a5d-8e44-4bf402de0b81",
"value": "81.155.55.211"
},
{
"category": "Network activity",
"comment": "On port 8443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618148",
"to_ids": true,
"type": "ip-dst",
"uuid": "58ab4064-be9c-41a1-987c-433902de0b81",
"value": "86.130.54.90"
},
{
"category": "Network activity",
"comment": "Dridex payload:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618168",
"to_ids": true,
"type": "url",
"uuid": "58ab4078-9f34-471d-bdeb-410102de0b81",
"value": "https://talofinancial-my.sharepoint.com/personal/ashleigh_schipp_talofinancial_com_au/_layouts/15/guestaccess.aspx?docid=07697c8afb3e544808bf527394eb7154b&authkey=Adh6QVItbnSLOpXvxh_BfCs"
},
{
"category": "Network activity",
"comment": "Dridex payload:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618168",
"to_ids": true,
"type": "url",
"uuid": "58ab4078-e588-4f2b-937b-413e02de0b81",
"value": "https://yemposolutions-my.sharepoint.com/personal/amor_novicio_yempo-solu-tions_com/_layouts/15/guestaccess.aspx?docid=0ce03b9fd12d949cf91f56a7d1fbf4b93&authkey=ASOCPusN_QaBSXcCPxEkT9s"
},
{
"category": "Network activity",
"comment": "JS download",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618206",
"to_ids": true,
"type": "url",
"uuid": "58ab409e-d2d0-4b6f-878a-49aa02de0b81",
"value": "https://jensenbowers-my.sharepoint.com/personal/leeanderson_jensenbowers_com_au/_layouts/15/download.aspx?docid=068187f5a930340c89e3b7c5c9b9c24f7&authkey=AarHUbAy66DSX08VzRPQ25w"
},
{
"category": "Network activity",
"comment": "JS download",
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618206",
"to_ids": true,
"type": "url",
"uuid": "58ab409e-c224-41bb-8058-45bd02de0b81",
"value": "https://jensenbowers-my.sharepoint.com/personal/leeanderson_jensenbowers_com_au/_layouts/15/guestaccess.aspx?docid=068187f5a930340c89e3b7c5c9b9c24f7&authkey=AarHUbAy66DSX08VzRPQ25w"
},
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1487618249",
"to_ids": false,
"type": "attachment",
"uuid": "58ab40c9-d044-42d6-a243-b3f302de0b81",
"value": "infection_chain.jpg"
}
]
}
}