def _register_malware(malware, *, killchain, tags, aliases=None):
    """Fill in the metadata of a Malware object and persist it.

    Attributes are assigned in the same order the seed script used:
    aliases (only when given), family, killchain, tags, then save().
    The "banker" family is looked up once per call, as the original did
    (one query per object, no caching).
    """
    if aliases is not None:
        malware.aliases = aliases
    malware.family = MalwareFamily.objects.get(name="banker")
    malware.killchain = killchain
    malware.tags = tags
    malware.save()


def _register_regex(name, pattern, description, diamond, location):
    """Create a Regex indicator, set its metadata, save it and return it.

    NOTE(review): the '.' in the seed patterns ("/mg.jpg$", ".exe$") is
    unescaped, so it matches any single character rather than a literal
    dot -- confirm whether a literal dot was intended before these
    patterns are relied on for matching.
    """
    indicator = Regex(name=name, pattern=pattern)
    indicator.description = description
    indicator.diamond = diamond
    indicator.location = location
    indicator.save()
    return indicator


# dridex was obtained earlier in the script; zeus is created here.
# killchain is stored as the string "7" -- the accepted value format is
# defined by the Malware model elsewhere.
_register_malware(dridex, killchain="7", tags=['dridex'],
                  aliases=["Cridex", "Drixed"])
zeus = Malware.get_or_create(name="Zeus")
_register_malware(zeus, killchain="7", tags=['zeus'])

## Create initial intelligence
# Indicators
# Both indicators deliberately share the same name; whether `name` must be
# unique is decided by the Regex model, not here.
_BARTALEX_DESCRIPTION = "Bartalex [stage2] callback (extracted from macros)"

bartalex_callback = _register_regex(
    "Bartalex callback", "/mg.jpg$", _BARTALEX_DESCRIPTION,
    "capability", "network")
# `action` is defined on the indicator model; its positional/keyword
# contract is reproduced as-is from the seed script.
bartalex_callback.action(bartalex, 'testrun', verb='indicates')

bartalex_callback2 = _register_regex(
    "Bartalex callback", "/[0-9a-z]{7,8}/[0-9a-z]{7,8}.exe$",
    _BARTALEX_DESCRIPTION, "capability", "network")
bartalex_callback2.action(bartalex, 'testrun', verb="indicates")

# The first callback is additionally linked to dridex as a hosting relation.
bartalex_callback.action(dridex, 'testrun', verb="hosts")
def _banker_family():
    """Return the "banker" MalwareFamily; one lookup per call, as the seed script did."""
    return MalwareFamily.objects.get(name="banker")


# dridex was obtained earlier in the script; zeus is created here.
# killchain is stored as the stage name "objectives"; the accepted values
# are defined by the Malware model elsewhere.
dridex.aliases = ["Cridex", "Drixed"]
dridex.family = _banker_family()
dridex.killchain = "objectives"
dridex.tags = ['dridex']
dridex.save()

zeus = Malware.get_or_create(name="Zeus")
zeus.family = _banker_family()
zeus.killchain = "objectives"
zeus.tags = ['zeus']
zeus.save()

## Create initial intelligence
# Indicators
# Both indicators share the name "Bartalex callback"; whether `name` must
# be unique is decided by the Regex model, not here.
# NOTE(review): the '.' in these patterns is unescaped and matches any
# single character, not only a literal dot -- confirm the intent before the
# patterns are relied on for matching.
_BARTALEX_PATTERNS = (
    "/mg.jpg$",
    "/[0-9a-z]{7,8}/[0-9a-z]{7,8}.exe$",
)
_indicators = []
for _pattern in _BARTALEX_PATTERNS:
    # Same per-indicator sequence as the original: create, set pattern and
    # metadata, save, then link to bartalex -- before the next one is built.
    _indicator = Regex(name="Bartalex callback")
    _indicator.pattern = _pattern
    _indicator.description = "Bartalex [stage2] callback (extracted from macros)"
    _indicator.diamond = "Capability"
    _indicator.location = "network"
    _indicator.save()
    # `action` is defined on the indicator model; arguments reproduced as-is.
    _indicator.action('indicates', bartalex,
                      description="Bartalex payload URL (Dridex)")
    _indicators.append(_indicator)

bartalex_callback, bartalex_callback2 = _indicators
# dridex was obtained earlier in the script; zeus is created here.
# killchain is stored as the string "7" -- the accepted value format is
# defined by the Malware model elsewhere.
dridex.aliases = ["Cridex", "Drixed"]
dridex.family = MalwareFamily.objects.get(name="banker")
dridex.killchain = "7"
dridex.tags = ['dridex']
dridex.save()

zeus = Malware.get_or_create(name="Zeus")
zeus.family = MalwareFamily.objects.get(name="banker")
zeus.killchain = "7"
zeus.tags = ['zeus']
zeus.save()

## Create initial intelligence
# Indicators
# Both indicators share the name "Bartalex callback"; whether `name` must
# be unique is decided by the Regex model, not here.
# NOTE(review): the '.' in these patterns is unescaped and matches any
# single character, not only a literal dot -- confirm the intent before the
# patterns are relied on for matching.
_BARTALEX_COMMON = {
    "description": "Bartalex [stage2] callback (extracted from macros)",
    "diamond": "capability",
    "location": "network",
}


def _bartalex_regex(pattern):
    """Create and save a Bartalex callback Regex indicator for `pattern`.

    Metadata fields are set in the original order (description, diamond,
    location) before save().
    """
    indicator = Regex(name="Bartalex callback", pattern=pattern)
    for field in ("description", "diamond", "location"):
        setattr(indicator, field, _BARTALEX_COMMON[field])
    indicator.save()
    return indicator


# `action` is defined on the indicator model; its arguments are reproduced
# as-is from the seed script. Each indicator is linked right after it is
# saved, before the next one is built.
bartalex_callback = _bartalex_regex("/mg.jpg$")
bartalex_callback.action(bartalex, 'testrun', verb='indicates')

bartalex_callback2 = _bartalex_regex("/[0-9a-z]{7,8}/[0-9a-z]{7,8}.exe$")
bartalex_callback2.action(bartalex, 'testrun', verb="indicates")

# The first callback is additionally linked to dridex as a hosting relation.
bartalex_callback.action(dridex, 'testrun', verb="hosts")