2019-01-31: Gozi ISFB v214.062 Leads to Dridex Botnet "3101"

1. {"response": [{"Event":{"id":"205","orgc_id":"2","org_id":"2","date":"2019-01-31","threat_level_id":"2","info":"2019-01-31: ISFB v2 Installs Dridex \"3101\"","published":true,"uuid":"5c5331ac-c160-4a17-a34f-3da568f8e8cf","attribute_count":"12","analysis":"0","timestamp":"1548957342","distribution":"3","proposal_email_lock":false,"locked":false,"publish_timestamp":"1548957470","sharing_group_id":"0","disable_correlation":false,"extends_uuid":"","event_creator_email":"vitali.kremez@gmail.com","Org":{"id":"2","name":"VK-Intel","uuid":"5bfa439e-c978-4dcd-b474-73f568f8e8cf"},"Orgc":{"id":"2","name":"VK-Intel","uuid":"5bfa439e-c978-4dcd-b474-73f568f8e8cf"},"Attribute":[{"id":"89207","type":"md5","category":"Payload delivery","to_ids":true,"uuid":"5c5331ac-9784-4e2e-8d87-3da568f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956076","comment":"","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"dc0cf61f5118914e13699fc94419815a","Galaxy":[],"ShadowAttribute":[]},{"id":"89208","type":"md5","category":"Payload installation","to_ids":true,"uuid":"5c5333e3-bdc0-4d4d-88bc-3a8868f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956643","comment":"ISFB v2 Unpacked","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"dc0cf61f5118914e13699fc94419815a","Galaxy":[],"ShadowAttribute":[]},{"id":"89209","type":"md5","category":"Payload installation","to_ids":true,"uuid":"5c5333f8-415c-4a90-9d03-3a8768f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956664","comment":"ISFB v2 Loader packed","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"d81e207b6ab5630b9f77b8ef383d9adc","Galaxy":[],"ShadowAttribute":[]},{"id":"89210","type":"md5","category":"Payload installation","to_ids":true,"uuid":"5c533442-dcc4-4cf9-96b3-3da768f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956738","comment":"Dridex Loader 3101","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"80c732191c362d74f1bad004335e4432","Galaxy":[],"ShadowAttribute":[]},{"id":"89211","type":"md5","category":"Payload installation","to_ids":true,"uuid":"5c53345e-faf4-4d87-a9d4-3daa68f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956766","comment":"Dridex Hooker","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"d987c99fb2afc70bf0df8e05216da356","Galaxy":[],"ShadowAttribute":[]},{"id":"89212","type":"domain","category":"Network activity","to_ids":true,"uuid":"5c533480-1348-48e5-a808-512d68f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956800","comment":"Gozi ISFB v2 Config","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"taileenanahi.company","Galaxy":[],"ShadowAttribute":[]},{"id":"89213","type":"domain","category":"Network activity","to_ids":true,"uuid":"5c533480-206c-40d1-9d3c-512d68f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956800","comment":"Gozi ISFB v2 Config","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"f60vinnie75.city","Galaxy":[],"ShadowAttribute":[]},{"id":"89214","type":"domain","category":"Network activity","to_ids":true,"uuid":"5c533480-1eb8-458f-8481-512d68f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956800","comment":"Gozi ISFB v2 Config","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"h5441eqzey.fun","Galaxy":[],"ShadowAttribute":[]},{"id":"89215","type":"url","category":"Network activity","to_ids":true,"uuid":"5c5334cd-ffdc-4fd3-8666-3a8f68f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956877","comment":"Dridex 3101 Config","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"185.236.76.35:443","Galaxy":[],"ShadowAttribute":[]},{"id":"89216","type":"url","category":"Network activity","to_ids":true,"uuid":"5c5334cd-32e4-47ec-90a2-3a8f68f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956877","comment":"Dridex 3101 Config","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"185.158.251.13:443","Galaxy":[],"ShadowAttribute":[]},{"id":"89217","type":"url","category":"Network activity","to_ids":true,"uuid":"5c5334cd-93e0-4733-a743-3a8f68f8e8cf","event_id":"205","distribution":"5","timestamp":"1548956877","comment":"Dridex 3101 Config","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"5.188.232.210:443","Galaxy":[],"ShadowAttribute":[]},{"id":"89218","type":"md5","category":"Payload installation","to_ids":true,"uuid":"5c53369e-a31c-4875-9c94-513268f8e8cf","event_id":"205","distribution":"5","timestamp":"1548957342","comment":"ISFB v214.06 Loader Unpacked","sharing_group_id":"0","deleted":false,"disable_correlation":false,"object_id":"0","object_relation":null,"value":"96deee3639b433eedebbbbc15ee56787","Galaxy":[],"ShadowAttribute":[]}],"ShadowAttribute":[],"RelatedEvent":[],"Galaxy":[],"Object":[],"Tag":[{"id":"137","name":"Banker: Gozi ISFB v2","colour":"#20ad13","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null},{"id":"122","name":"Banker: Dridex","colour":"#6f236b","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null},{"id":"295","name":"Botnet \"3101\"","colour":"#bcdb18","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null},{"id":"51","name":"10291029JSJUYNHG","colour":"#000000","exportable":true,"user_id":"0","hide_tag":false,"numerical_value":null}]}}]}