{ "type": "bundle", "id": "bundle--5c5331ac-c160-4a17-a34f-3da568f8e8cf", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T20:35:34.000Z", "modified": "2019-01-31T20:35:34.000Z", "name": "VK-Intel", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5c5331ac-c160-4a17-a34f-3da568f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T20:35:34.000Z", "modified": "2019-01-31T20:35:34.000Z", "name": "2019-01-31: ISFB v2 Installs Dridex \"3101\"", "published": "2019-01-31T20:35:39Z", "object_refs": [ "indicator--5c5331ac-9784-4e2e-8d87-3da568f8e8cf", "indicator--5c5333e3-bdc0-4d4d-88bc-3a8868f8e8cf", "indicator--5c5333f8-415c-4a90-9d03-3a8768f8e8cf", "indicator--5c533442-dcc4-4cf9-96b3-3da768f8e8cf", "indicator--5c53345e-faf4-4d87-a9d4-3daa68f8e8cf", "indicator--5c533480-1348-48e5-a808-512d68f8e8cf", "indicator--5c533480-206c-40d1-9d3c-512d68f8e8cf", "indicator--5c533480-1eb8-458f-8481-512d68f8e8cf", "indicator--5c5334cd-ffdc-4fd3-8666-3a8f68f8e8cf", "indicator--5c5334cd-32e4-47ec-90a2-3a8f68f8e8cf", "indicator--5c5334cd-93e0-4733-a743-3a8f68f8e8cf", "indicator--5c53369e-a31c-4875-9c94-513268f8e8cf" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "Banker: Gozi ISFB v2", "Banker: Dridex", "Botnet \"3101\"", "10291029JSJUYNHG", "misp-galaxy:malpedia=\"Dridex\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c5331ac-9784-4e2e-8d87-3da568f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:34:36.000Z", "modified": "2019-01-31T17:34:36.000Z", "pattern": "[file:hashes.MD5 = 'dc0cf61f5118914e13699fc94419815a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:34:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c5333e3-bdc0-4d4d-88bc-3a8868f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:44:03.000Z", "modified": "2019-01-31T17:44:03.000Z", "description": "ISFB v2 Unpacked", "pattern": "[file:hashes.MD5 = 'dc0cf61f5118914e13699fc94419815a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:44:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c5333f8-415c-4a90-9d03-3a8768f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:44:24.000Z", "modified": "2019-01-31T17:44:24.000Z", "description": "ISFB v2 Loader packed", "pattern": "[file:hashes.MD5 = 'd81e207b6ab5630b9f77b8ef383d9adc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:44:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c533442-dcc4-4cf9-96b3-3da768f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:45:38.000Z", "modified": "2019-01-31T17:45:38.000Z", "description": "Dridex Loader 3101", "pattern": "[file:hashes.MD5 = '80c732191c362d74f1bad004335e4432']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:45:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c53345e-faf4-4d87-a9d4-3daa68f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:46:06.000Z", "modified": "2019-01-31T17:46:06.000Z", "description": "Dridex Hooker", "pattern": "[file:hashes.MD5 = 'd987c99fb2afc70bf0df8e05216da356']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:46:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c533480-1348-48e5-a808-512d68f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:46:40.000Z", "modified": "2019-01-31T17:46:40.000Z", "description": "Gozi ISFB v2 Config", "pattern": "[domain-name:value = 'taileenanahi.company']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:46:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c533480-206c-40d1-9d3c-512d68f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:46:40.000Z", "modified": "2019-01-31T17:46:40.000Z", "description": "Gozi ISFB v2 Config", "pattern": "[domain-name:value = 'f60vinnie75.city']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:46:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c533480-1eb8-458f-8481-512d68f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:46:40.000Z", "modified": "2019-01-31T17:46:40.000Z", "description": "Gozi ISFB v2 Config", "pattern": "[domain-name:value = 'h5441eqzey.fun']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:46:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c5334cd-ffdc-4fd3-8666-3a8f68f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:47:57.000Z", "modified": "2019-01-31T17:47:57.000Z", "description": "Dridex 3101 Config", "pattern": "[url:value = '185.236.76.35:443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c5334cd-32e4-47ec-90a2-3a8f68f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:47:57.000Z", "modified": "2019-01-31T17:47:57.000Z", "description": "Dridex 3101 Config", "pattern": "[url:value = '185.158.251.13:443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c5334cd-93e0-4733-a743-3a8f68f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:47:57.000Z", "modified": "2019-01-31T17:47:57.000Z", "description": "Dridex 3101 Config", "pattern": "[url:value = '5.188.232.210:443']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:47:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5c53369e-a31c-4875-9c94-513268f8e8cf", "created_by_ref": "identity--5bfa439e-c978-4dcd-b474-73f568f8e8cf", "created": "2019-01-31T17:55:42.000Z", "modified": "2019-01-31T17:55:42.000Z", "description": "ISFB v214.06 Loader Unpacked", "pattern": "[file:hashes.MD5 = '96deee3639b433eedebbbbc15ee56787']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-01-31T17:55:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }