{ "Event": { "analysis": "0", "date": "2019-01-31", "extends_uuid": "", "info": "2019-01-31: ISFB v2 Installs Dridex \"3101\"", "publish_timestamp": "1548966939", "published": true, "threat_level_id": "2", "timestamp": "1548966934", "uuid": "5c5331ac-c160-4a17-a34f-3da568f8e8cf", "Orgc": { "name": "VK-Intel", "uuid": "5bfa439e-c978-4dcd-b474-73f568f8e8cf" }, "Tag": [ { "colour": "#20ad13", "name": "Banker: Gozi ISFB v2" }, { "colour": "#6f236b", "name": "Banker: Dridex" }, { "colour": "#bcdb18", "name": "Botnet \"3101\"" }, { "colour": "#000000", "name": "10291029JSJUYNHG" }, { "colour": "#0088cc", "name": "misp-galaxy:malpedia=\"Dridex\"" }, { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#0071c3", "name": "osint:lifetime=\"perpetual\"" }, { "colour": "#0087e8", "name": "osint:certainty=\"50\"" }, { "colour": "#ffffff", "name": "tlp:white" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1548956076", "to_ids": true, "type": "md5", "uuid": "5c5331ac-9784-4e2e-8d87-3da568f8e8cf", "value": "dc0cf61f5118914e13699fc94419815a" }, { "category": "Payload installation", "comment": "ISFB v2 Unpacked", "deleted": false, "disable_correlation": false, "timestamp": "1548956643", "to_ids": true, "type": "md5", "uuid": "5c5333e3-bdc0-4d4d-88bc-3a8868f8e8cf", "value": "dc0cf61f5118914e13699fc94419815a" }, { "category": "Payload installation", "comment": "ISFB v2 Loader packed", "deleted": false, "disable_correlation": false, "timestamp": "1548956664", "to_ids": true, "type": "md5", "uuid": "5c5333f8-415c-4a90-9d03-3a8768f8e8cf", "value": "d81e207b6ab5630b9f77b8ef383d9adc" }, { "category": "Payload installation", "comment": "Dridex Loader 3101", "deleted": false, "disable_correlation": false, "timestamp": "1548956738", "to_ids": true, "type": "md5", "uuid": "5c533442-dcc4-4cf9-96b3-3da768f8e8cf", "value": "80c732191c362d74f1bad004335e4432" }, { "category": "Payload installation", "comment": "Dridex Hooker", "deleted": false, "disable_correlation": false, "timestamp": "1548956766", "to_ids": true, "type": "md5", "uuid": "5c53345e-faf4-4d87-a9d4-3daa68f8e8cf", "value": "d987c99fb2afc70bf0df8e05216da356" }, { "category": "Network activity", "comment": "Gozi ISFB v2 Config", "deleted": false, "disable_correlation": false, "timestamp": "1548956800", "to_ids": true, "type": "domain", "uuid": "5c533480-1348-48e5-a808-512d68f8e8cf", "value": "taileenanahi.company" }, { "category": "Network activity", "comment": "Gozi ISFB v2 Config", "deleted": false, "disable_correlation": false, "timestamp": "1548956800", "to_ids": true, "type": "domain", "uuid": "5c533480-206c-40d1-9d3c-512d68f8e8cf", "value": "f60vinnie75.city" }, { "category": "Network activity", "comment": "Gozi ISFB v2 Config", "deleted": false, "disable_correlation": false, "timestamp": "1548956800", "to_ids": true, "type": "domain", "uuid": "5c533480-1eb8-458f-8481-512d68f8e8cf", "value": "h5441eqzey.fun" }, { "category": "Network activity", "comment": "Dridex 3101 Config", "deleted": false, "disable_correlation": false, "timestamp": "1548956877", "to_ids": true, "type": "url", "uuid": "5c5334cd-ffdc-4fd3-8666-3a8f68f8e8cf", "value": "185.236.76.35:443" }, { "category": "Network activity", "comment": "Dridex 3101 Config", "deleted": false, "disable_correlation": false, "timestamp": "1548956877", "to_ids": true, "type": "url", "uuid": "5c5334cd-32e4-47ec-90a2-3a8f68f8e8cf", "value": "185.158.251.13:443" }, { "category": "Network activity", "comment": "Dridex 3101 Config", "deleted": false, "disable_correlation": false, "timestamp": "1548956877", "to_ids": true, "type": "url", "uuid": "5c5334cd-93e0-4733-a743-3a8f68f8e8cf", "value": "5.188.232.210:443" }, { "category": "Payload installation", "comment": "ISFB v214.06 Loader Unpacked", "deleted": false, "disable_correlation": false, "timestamp": "1548957342", "to_ids": true, "type": "md5", "uuid": "5c53369e-a31c-4875-9c94-513268f8e8cf", "value": "96deee3639b433eedebbbbc15ee56787" } ] } }