misp-circl-feed/feeds/circl/misp/5c5331ac-c160-4a17-a34f-3da568f8e8cf.json

{
  "Event": {
    "analysis": "0",
    "date": "2019-01-31",
    "extends_uuid": "",
    "info": "2019-01-31: ISFB v2 Installs Dridex \"3101\"",
    "publish_timestamp": "1548966939",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1548966934",
    "uuid": "5c5331ac-c160-4a17-a34f-3da568f8e8cf",
    "Orgc": {
      "name": "VK-Intel",
      "uuid": "5bfa439e-c978-4dcd-b474-73f568f8e8cf"
    },
    "Tag": [
      {
        "colour": "#20ad13",
        "local": false,
        "name": "Banker: Gozi ISFB v2",
        "relationship_type": ""
      },
      {
        "colour": "#6f236b",
        "local": false,
        "name": "Banker: Dridex",
        "relationship_type": ""
      },
      {
        "colour": "#bcdb18",
        "local": false,
        "name": "Botnet \"3101\"",
        "relationship_type": ""
      },
      {
        "colour": "#000000",
        "local": false,
        "name": "10291029JSJUYNHG",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Dridex\"",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0071c3",
        "local": false,
        "name": "osint:lifetime=\"perpetual\"",
        "relationship_type": ""
      },
      {
        "colour": "#0087e8",
        "local": false,
        "name": "osint:certainty=\"50\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956076",
        "to_ids": true,
        "type": "md5",
        "uuid": "5c5331ac-9784-4e2e-8d87-3da568f8e8cf",
        "value": "dc0cf61f5118914e13699fc94419815a"
      },
      {
        "category": "Payload installation",
        "comment": "ISFB v2 Unpacked",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956643",
        "to_ids": true,
        "type": "md5",
        "uuid": "5c5333e3-bdc0-4d4d-88bc-3a8868f8e8cf",
        "value": "dc0cf61f5118914e13699fc94419815a"
      },
      {
        "category": "Payload installation",
        "comment": "ISFB v2 Loader packed",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956664",
        "to_ids": true,
        "type": "md5",
        "uuid": "5c5333f8-415c-4a90-9d03-3a8768f8e8cf",
        "value": "d81e207b6ab5630b9f77b8ef383d9adc"
      },
      {
        "category": "Payload installation",
        "comment": "Dridex Loader 3101",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956738",
        "to_ids": true,
        "type": "md5",
        "uuid": "5c533442-dcc4-4cf9-96b3-3da768f8e8cf",
        "value": "80c732191c362d74f1bad004335e4432"
      },
      {
        "category": "Payload installation",
        "comment": "Dridex Hooker",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956766",
        "to_ids": true,
        "type": "md5",
        "uuid": "5c53345e-faf4-4d87-a9d4-3daa68f8e8cf",
        "value": "d987c99fb2afc70bf0df8e05216da356"
      },
      {
        "category": "Network activity",
        "comment": "Gozi ISFB v2 Config",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956800",
        "to_ids": true,
        "type": "domain",
        "uuid": "5c533480-1348-48e5-a808-512d68f8e8cf",
        "value": "taileenanahi.company"
      },
      {
        "category": "Network activity",
        "comment": "Gozi ISFB v2 Config",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956800",
        "to_ids": true,
        "type": "domain",
        "uuid": "5c533480-206c-40d1-9d3c-512d68f8e8cf",
        "value": "f60vinnie75.city"
      },
      {
        "category": "Network activity",
        "comment": "Gozi ISFB v2 Config",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956800",
        "to_ids": true,
        "type": "domain",
        "uuid": "5c533480-1eb8-458f-8481-512d68f8e8cf",
        "value": "h5441eqzey.fun"
      },
      {
        "category": "Network activity",
        "comment": "Dridex 3101 Config",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956877",
        "to_ids": true,
        "type": "url",
        "uuid": "5c5334cd-ffdc-4fd3-8666-3a8f68f8e8cf",
        "value": "185.236.76.35:443"
      },
      {
        "category": "Network activity",
        "comment": "Dridex 3101 Config",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956877",
        "to_ids": true,
        "type": "url",
        "uuid": "5c5334cd-32e4-47ec-90a2-3a8f68f8e8cf",
        "value": "185.158.251.13:443"
      },
      {
        "category": "Network activity",
        "comment": "Dridex 3101 Config",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548956877",
        "to_ids": true,
        "type": "url",
        "uuid": "5c5334cd-93e0-4733-a743-3a8f68f8e8cf",
        "value": "5.188.232.210:443"
      },
      {
        "category": "Payload installation",
        "comment": "ISFB v214.06 Loader Unpacked",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1548957342",
        "to_ids": true,
        "type": "md5",
        "uuid": "5c53369e-a31c-4875-9c94-513268f8e8cf",
        "value": "96deee3639b433eedebbbbc15ee56787"
      }
    ]
  }
}