{ "Event": { "analysis": "2", "date": "2014-11-05", "extends_uuid": "", "info": "OSINT Banking Trojan DRIDEX Uses Macros for Infection blog post from Trend Micro", "publish_timestamp": "1456154050", "published": true, "threat_level_id": "3", "timestamp": "1415269308", "uuid": "545b456e-b8a4-45e0-a895-41c7950d210b", "Orgc": { "name": "CthulhuSPRL.be", "uuid": "55f6ea5f-fd34-43b8-ac1d-40cb950d210f" }, "Tag": [ { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#33FF00", "local": "0", "name": "tlp:green", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267708", "to_ids": false, "type": "link", "uuid": "545b457c-0d98-4574-8c52-469c950d210b", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267720", "to_ids": false, "type": "comment", "uuid": "545b4588-c140-469c-b13f-4eff950d210b", "value": "Data entered by David Andr\u00c3\u00a9" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267750", "to_ids": false, "type": "text", "uuid": "545b4594-0a98-4b30-8e30-42d3950d210b", "value": "Dridex" }, { "category": "Antivirus detection", "comment": "Trend Micro", "deleted": false, "disable_correlation": false, "timestamp": "1415267776", "to_ids": false, "type": "text", "uuid": "545b45c0-df7c-4297-8f2c-4b39950d210b", "value": "TSPY_DRIDEX.WQJ" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-9f58-499e-a51d-413b950d210b", "value": "c2c980297d985c0e62e461b76fa584e79a6b3822" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-da20-4cbc-b8e1-4aaa950d210b", "value": "4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-7da4-412d-a291-4812950d210b", "value": "cbd005db36efbdf3aeed5d26fad54554cd734da4" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-d2ec-4309-9f47-409d950d210b", "value": "bdc7c47001852a8e915f29eaebcf99ffa857c3b5" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-54fc-45bf-a0fb-46ca950d210b", "value": "b4f4b426457124ecfeec4d5b59b9c2a6c25baaf7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-de0c-4e6f-93af-4351950d210b", "value": "b54b06e01c6f735e98d17b156ee8c7a2437b2d68" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-7314-417e-8a40-49a8950d210b", "value": "f5bf8963f99bd6ad5addcbcf0c81b95eab1cc1ba" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-ad84-43be-9999-4160950d210b", "value": "bf1fca6f81b3d5a9054ceab9a56c58f248560b34" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-87c0-4550-9fab-4d3e950d210b", "value": "a7b1a30386928e6320c31279b3473610e0e96192" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-2624-488d-a557-461d950d210b", "value": "01eeb1debb21dc8933e7b6c1280f7e3f87a88dd0" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-8360-441e-8c22-4db1950d210b", "value": "0f9c49e08683b811a6c713afc1a37b3a33f58fd8" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-60f4-43a8-a152-4e10950d210b", "value": "f3a65b6828bee8da06daeb1619b9f1265c4c38c7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-3ffc-4fd1-82c1-45bc950d210b", "value": "ae6fe7d7e80d7271b902a482d1ece2a73f082eba" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f0-f514-481f-adc2-46f1950d210b", "value": "46ff15b415407babb60becc19d259752c2be77cd" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267824", "to_ids": true, "type": "sha1", "uuid": "545b45f1-faa4-4768-abe8-43ec950d210b", "value": "911a77e67ababc355a2aa169149de88480ab1768" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267825", "to_ids": true, "type": "sha1", "uuid": "545b45f1-1dc0-42d3-8a58-41a2950d210b", "value": "7714f4d42c7b1608be281cb288c07baf8ff35501" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415267900", "to_ids": false, "type": "link", "uuid": "545b463c-96e4-4244-905f-472f950d210b", "value": "http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TSPY_DRIDEX.WQJ" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415268211", "to_ids": false, "type": "link", "uuid": "545b4773-2f60-4675-ac08-44fa950d210b", "value": "https://www.virustotal.com/en/file/bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d/analysis/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415268233", "to_ids": true, "type": "ip-dst", "uuid": "545b4789-ccec-4dc6-b6f7-4b84950d210b", "value": "62.75.184.70" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415268233", "to_ids": true, "type": "ip-dst", "uuid": "545b4789-8524-46b7-ba8c-4849950d210b", "value": "116.48.157.176" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1415269308", "to_ids": false, "type": "link", "uuid": "545b4bbc-4b2c-4a24-af11-065a950d210b", "value": "https://malwr.com/analysis/OGY0MmQ4MmNhNDllNGFlOWExZTg5YjI3MzI3ZTcyNDk/" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1415269343", "to_ids": true, "type": "md5", "uuid": "545b4bdf-4524-4339-ae0d-0ec3950d210b", "value": "5fce64eb222aa41e4fb967e9d8fb6a22" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1415269343", "to_ids": true, "type": "sha1", "uuid": "545b4bdf-ce20-4271-b157-0ec3950d210b", "value": "c2c980297d985c0e62e461b76fa584e79a6b3822" }, { "category": "Payload delivery", "comment": "Imported via the freetext import.", "deleted": false, "disable_correlation": false, "timestamp": "1415269343", "to_ids": true, "type": "sha256", "uuid": "545b4bdf-0178-4414-98a7-0ec3950d210b", "value": "bc77bf0cc6b1efd3f10458f398719b7db5a93ba78ea61bbe9e3831a423e6aa2d" }, { "category": "External analysis", "comment": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)", "deleted": false, "disable_correlation": false, "timestamp": "1455833217", "to_ids": true, "type": "md5", "uuid": "56c64081-b468-4aca-9607-499a950d210f", "value": "37e3ec6c9569bd7035b440c24af108fd" }, { "category": "External analysis", "comment": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)", "deleted": false, "disable_correlation": false, "timestamp": "1455833220", "to_ids": true, "type": "md5", "uuid": "56c64084-84a8-441e-a019-5f51950d210f", "value": "bb0b440cbac54114d04648be6f2fe26d" }, { "category": "External analysis", "comment": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)", "deleted": false, "disable_correlation": false, "timestamp": "1455833222", "to_ids": true, "type": "md5", "uuid": "56c64086-c808-4ab2-8ae8-599c950d210f", "value": "071b380d6b422dd83f14fa0a3bceb347" }, { "category": "External analysis", "comment": "Automatically added (via 4dad1a0e024cce9c3a11622b5e5bbe3efbefc4b9)", "deleted": false, "disable_correlation": false, "timestamp": "1455833219", "to_ids": true, "type": "sha256", "uuid": "56c64083-070c-4f29-9b4b-4d83950d210f", "value": "59e49cd21ff679582fbd65dd904ac9197c0b3d9d38de64184f67aecdd2b24f84" }, { "category": "External analysis", "comment": "Automatically added (via bdc7c47001852a8e915f29eaebcf99ffa857c3b5)", "deleted": false, "disable_correlation": false, "timestamp": "1455833221", "to_ids": true, "type": "sha256", "uuid": "56c64085-9854-412c-9de4-59a4950d210f", "value": "d6d846ae3751495ef398ce5af5facfb460ec76b0cb02992905576542d6e548d7" }, { "category": "External analysis", "comment": "Automatically added (via b54b06e01c6f735e98d17b156ee8c7a2437b2d68)", "deleted": false, "disable_correlation": false, "timestamp": "1455833223", "to_ids": true, "type": "sha256", "uuid": "56c64087-1b5c-4e66-a1f9-c651950d210f", "value": "f1e40b2c8e6669a1886f33644e99e43f862c7225e8704a959a325fb333c13741" } ] } }