{
"Event": {
"analysis": "2",
"date": "2016-03-15",
"extends_uuid": "",
"info": "Dridex botnet 222 (20160315)",
"publish_timestamp": "1458077736",
"published": true,
"threat_level_id": "3",
"timestamp": "1458077708",
"uuid": "56e87ebe-7b6c-4008-bcfd-42a302de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077431",
"to_ids": false,
"type": "link",
"uuid": "56e87ef7-abb8-4ce0-8154-418602de0b81",
"value": "https://www.virustotal.com/en/file/4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010/analysis/"
},
{
"category": "Payload installation",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077445",
"to_ids": true,
"type": "sha256",
"uuid": "56e87f05-b4f8-49a2-b5c6-4be602de0b81",
"value": "4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077479",
"to_ids": true,
"type": "sha1",
"uuid": "56e87f27-eb34-4eb1-ab7b-4f5d02de0b81",
"value": "b1259b8287e38e79a2afc003471fe4750edefdaa"
},
{
"category": "Payload installation",
"comment": "- Xchecked via VT: 4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077479",
"to_ids": true,
"type": "md5",
"uuid": "56e87f27-02dc-4fa1-9c84-42c602de0b81",
"value": "f71977440032b680e91baef49d9ca7f8"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077480",
"to_ids": false,
"type": "link",
"uuid": "56e87f28-adfc-40e4-bada-4cb502de0b81",
"value": "https://www.virustotal.com/file/4030b3b7393c61f25ebf225dc619f6bd4000f94d62a0c42c7b83e7460e0ed010/analysis/1458053512/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077555",
"to_ids": true,
"type": "url",
"uuid": "56e87f73-cfbc-449d-bbc3-4fde02de0b81",
"value": "https://158.255.193.15:4331/0/0/1/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077556",
"to_ids": true,
"type": "url",
"uuid": "56e87f74-71f8-41d9-8ddb-4fa302de0b81",
"value": "https://158.255.193.15:4331/0/1/1/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077556",
"to_ids": true,
"type": "url",
"uuid": "56e87f74-3050-4f11-b734-465b02de0b81",
"value": "https://158.255.193.15:4331/0/1/2/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077556",
"to_ids": true,
"type": "url",
"uuid": "56e87f74-7e28-4ee0-8a54-424b02de0b81",
"value": "https://158.255.193.15:4331/0/1/3/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077557",
"to_ids": true,
"type": "url",
"uuid": "56e87f75-8cc4-482b-b402-40fa02de0b81",
"value": "https://158.255.193.15:4331/0/2/1/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077557",
"to_ids": true,
"type": "url",
"uuid": "56e87f75-a32c-4a93-87e0-4f4702de0b81",
"value": "https://158.255.193.15:4331/0/2/2/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077557",
"to_ids": true,
"type": "url",
"uuid": "56e87f75-3c10-4dd6-8006-451502de0b81",
"value": "https://158.255.193.15:4331/0/3/1/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077558",
"to_ids": true,
"type": "url",
"uuid": "56e87f76-d284-48e3-b743-496702de0b81",
"value": "https://158.255.193.15:4331/0/3/2/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077558",
"to_ids": true,
"type": "url",
"uuid": "56e87f76-cc7c-4716-8e92-4e5602de0b81",
"value": "https://158.255.193.15:4331/0/3/3/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077558",
"to_ids": true,
"type": "url",
"uuid": "56e87f76-ad90-4a2c-aa9a-4fec02de0b81",
"value": "https://158.255.193.15:4331/2/09Zpm2kAxBn6kzsP_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077559",
"to_ids": true,
"type": "url",
"uuid": "56e87f77-2f48-43c4-9a30-4d9d02de0b81",
"value": "https://158.255.193.15:4331/2/5GKESykA88VV9kVk_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077559",
"to_ids": true,
"type": "url",
"uuid": "56e87f77-9cdc-4bcc-b5f7-40a502de0b81",
"value": "https://158.255.193.15:4331/2/5vgOnl464R46YHaW_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077559",
"to_ids": true,
"type": "url",
"uuid": "56e87f77-2bd0-47f5-a4bf-483902de0b81",
"value": "https://158.255.193.15:4331/2/bosbiz_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077559",
"to_ids": true,
"type": "url",
"uuid": "56e87f77-cdb8-440e-9991-4e4002de0b81",
"value": "https://158.255.193.15:4331/2/cybiz_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077560",
"to_ids": true,
"type": "url",
"uuid": "56e87f78-f264-43ad-8138-4a5d02de0b81",
"value": "https://158.255.193.15:4331/2/Euxx6OyGjUA92S6m_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077560",
"to_ids": true,
"type": "url",
"uuid": "56e87f78-4298-44e3-b60a-42f702de0b81",
"value": "https://158.255.193.15:4331/2/Euxx6OyGjUA92S6m_logon/default_redirect.js"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077561",
"to_ids": true,
"type": "url",
"uuid": "56e87f79-9b2c-4187-ba5a-437502de0b81",
"value": "https://158.255.193.15:4331/2/Euxx6OyGjUA92S6m_logon/files/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077561",
"to_ids": true,
"type": "url",
"uuid": "56e87f79-571c-427a-b237-4e6402de0b81",
"value": "https://158.255.193.15:4331/2/hsbcnet_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077561",
"to_ids": true,
"type": "url",
"uuid": "56e87f79-0104-4d80-a0f6-440002de0b81",
"value": "https://158.255.193.15:4331/2/lloydsbiz_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077562",
"to_ids": true,
"type": "url",
"uuid": "56e87f7a-a3ec-41b7-a7fa-476002de0b81",
"value": "https://158.255.193.15:4331/2/lloydscorp_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077562",
"to_ids": true,
"type": "url",
"uuid": "56e87f7a-64a0-4b59-9228-4a5602de0b81",
"value": "https://158.255.193.15:4331/2/lloydslink_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077562",
"to_ids": true,
"type": "url",
"uuid": "56e87f7a-9030-44f7-bf32-439602de0b81",
"value": "https://158.255.193.15:4331/2/nationwide_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077563",
"to_ids": true,
"type": "url",
"uuid": "56e87f7b-2050-481f-bd93-48f802de0b81",
"value": "https://158.255.193.15:4331/2/santacorp_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077563",
"to_ids": true,
"type": "url",
"uuid": "56e87f7b-d670-4c97-b119-47b702de0b81",
"value": "https://158.255.193.15:4331/2/tsbbiz_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077563",
"to_ids": true,
"type": "url",
"uuid": "56e87f7b-ab3c-4b61-817a-454702de0b81",
"value": "https://158.255.193.15:4331/2/XlxFi7aP7bK5w2vW_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077564",
"to_ids": true,
"type": "url",
"uuid": "56e87f7c-7db8-4f24-b556-4a4f02de0b81",
"value": "https://158.255.193.15:4331/2/Ya4SYLq6fbMz712y_logon/"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077564",
"to_ids": true,
"type": "url",
"uuid": "56e87f7c-d510-45e7-a09b-4a8802de0b81",
"value": "https://5.152.201.6:4331/eatlightas"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077564",
"to_ids": true,
"type": "url",
"uuid": "56e87f7c-a0bc-4e02-810f-49a002de0b81",
"value": "https://5.152.201.6:4331/humantangible"
},
{
"category": "Network activity",
"comment": "Imported via the freetext import.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077565",
"to_ids": true,
"type": "url",
"uuid": "56e87f7d-4e9c-4555-a70c-415002de0b81",
"value": "https://93.186.184.135:4243/eatlightas"
},
{
"category": "Network activity",
"comment": "On port 643",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077593",
"to_ids": true,
"type": "ip-dst",
"uuid": "56e87f99-ca78-4783-93a3-419f02de0b81",
"value": "210.209.89.107"
},
{
"category": "Network activity",
"comment": "On port 4113",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077593",
"to_ids": true,
"type": "ip-dst",
"uuid": "56e87f99-4814-426d-99fc-40b402de0b81",
"value": "213.192.1.178"
},
{
"category": "Network activity",
"comment": "On port 4843",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077594",
"to_ids": true,
"type": "ip-dst",
"uuid": "56e87f9a-2510-4bb9-8e43-42f502de0b81",
"value": "87.117.242.31"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077614",
"to_ids": true,
"type": "ip-dst",
"uuid": "56e87fae-b260-44f9-a932-4d1602de0b81",
"value": "154.66.148.52"
},
{
"category": "Network activity",
"comment": "On port 444",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077614",
"to_ids": true,
"type": "ip-dst",
"uuid": "56e87fae-cd88-431e-8fa6-439a02de0b81",
"value": "212.183.20.78"
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077615",
"to_ids": true,
"type": "ip-dst",
"uuid": "56e87faf-71cc-46ee-a650-41de02de0b81",
"value": "41.79.173.47"
},
{
"category": "Targeting data",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077670",
"to_ids": false,
"type": "comment",
"uuid": "56e87fe6-60d4-4af7-9f3d-4f2502de0b81",
"value": "^https://ibank1\\.bib\\.barclays\\.com/logon/bibapplication.+LOGON\\.VALIDATE\\.SIGNED\r\n^https://entreprises\\.secure\\.societegenerale\\.fr/authent\\.html\r\n^https://www\\.labanquepostale\\.fr/grands-institutionnels\\.html\r\n^http://barclays\\.tenalps\\.com\r\n^https://shavar\\.services\\.mozilla\\.com/\r\n^https://urs\\.microsoft\\.com/\r\n^https://localhost.*/skypectoc/\r\n^http://.+/workbench/\r\n^https?://www\\.ce-g3-enligne\\.credit-agricole\\.fr/\r\n^https://entreprises\\.societegenerale\\.fr/\r\n^https://entreprises\\.certif\\.societegenerale\\.fr/authent\\.html\r\n^http://.+/MULTIVERSA\r\n^https://www\\.labanquepostale\\.fr/grandes-entreprises\\.html\r\n^https?://www\\.ca-paris\\.fr/\r\n^https://www\\.labanquepostale\\.fr/professionnels\\.html\r\n^https://professionnels\\.secure.societegenerale\\.fr/$\r\n^https://professionnels\\.societegenerale\\.fr/$\r\n^https://entreprises\\.bnpparibas\\.net/NSAccess\r\n^https://www2\\.bancopopular\\.es/\r\n^https://www\\.normand-g3-enligne\\.credit-agricole\\.fr/stb/\r\n^https?://www\\.net\\d+\\.caisse-epargne\\.fr/\r\n^https://www\\.anjou-maine-ediweb\\.credit-agricole\\.fr\r\n^https://statso\\.par\\.societegenerale\\.fr\r\n^https://.+\\.fr/stb/entreeBam\r\n^https?://particuliers\\.secure\\.societegenerale\\.fr\r\n^https://rib\\.ecobank\\.com/ecobankburkina/internet\r\n^https://ibank\\.humebank\\.com\\.au/mvp/signon/login\\.asp\r\n^https://cashmanagement\\.barclays\\.net/portalservices/forms/login\\.pser\\?TYPE.+cashmanagement\r\n^https://corporate\\.santander\\.co\\.uk/LOGSCU_NS_ENS/BtoChannelDriver\\.bto\r\n^https://corporate\\.santander\\.co\\.uk/(SCU_AUTHOR_ENS|SCU_PAYMNT_ENS)/\r\n^https://professionnels\\.secure\\.lcl\\.fr/outil/UAUT/Accueil/preRoutageLogin\r\n^https://secure1\\.entreprises\\.bnpparibas\\.net/sommaire/jsp/identification\\.jsp\r\n^https://www\\.caisse-epargne\\.fr/particuliers/normandie/accueil\\.aspx"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458077708",
"to_ids": false,
"type": "comment",
"uuid": "56e8800c-8fb4-4d45-b4da-4d1d02de0b81",
"value": "222\r\n196796"
}
]
}
}