Dridex Node Tracker

Author: Vitali Kremez
Goal: Track all Dridex nodes and ingest the data into an Elasticsearch, Logstash, Kibana (ELK) instance
Source: https://feodotracker.abuse.ch/

Steps:
(1) Obtain the feed data using the custom scraper “dridexloader.py”;
(2) Load the data to the MySQL database;
(3) Push the data to Elasticsearch;
(4) Create custom Kibana dashboards for data visualization.
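As an added example that is not part of the original post or of dridexloader.py, the following Python sketch covers steps (1) and (3): it parses rows in the post's "Time C2 malware" layout into normalised documents and renders an Elasticsearch `_bulk` body as NDJSON. The sample feed (RFC 5737 addresses), the index name `dridex-c2` and the field names are constructed assumptions.

```python
import json
import re
import ipaddress
from datetime import datetime, timezone

# Constructed sample in the post's "Time C2 malware" layout; RFC 5737 documentation addresses, not real nodes.
SAMPLE_FEED = """\
Time C2 malware
November 18th 2016; 13:35:55.000 192.0.2.10 Dridex
November 18th 2016; 05:55:13.000 198.51.100.7 Dridex
November 18th 2016; 05:55:13.000 198.51.100.7 Dridex
October 3rd 2016; 06:19:59.000 not-an-ip Dridex
"""
# Month + day, ordinal suffix, year; time; C2 address; malware family.
ROW_RE = re.compile(r"^(?P<date>[A-Za-z]+ \d{1,2})(?:st|nd|rd|th) (?P<year>\d{4}); "
                    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d+) (?P<ip>\S+) (?P<malware>\S+)$")

def parse_row(line):
    """Return a normalised document for one feed row, or None if the row is malformed."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])  # reject garbage before it reaches the index
    except ValueError:
        return None
    ts = datetime.strptime(f"{m['date']} {m['year']} {m['time']}", "%B %d %Y %H:%M:%S.%f")
    return {"@timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
            "c2": {"ip": str(ip)}, "malware": m["malware"].lower()}

def parse_feed(text):
    seen, docs = set(), []  # de-duplicate on (timestamp, ip) in case the feed repeats rows
    for line in text.splitlines()[1:]:  # first line is the column header
        doc = parse_row(line)
        if doc is None:
            continue
        key = (doc["@timestamp"], doc["c2"]["ip"])
        if key not in seen:
            seen.add(key)
            docs.append(doc)
    return docs

def to_bulk_ndjson(docs, index="dridex-c2"):
    lines = []  # _bulk body: one action line, then one document line, per record
    for doc in docs:
        doc_id = f"{doc['c2']['ip']}-{doc['@timestamp']}"  # stable id makes re-runs idempotent
        lines.append(json.dumps({"index": {"_index": index, "_id": doc_id}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"
```

The returned body can be POSTed to `/_bulk` with `Content-Type: application/x-ndjson`; the stable `_id` means re-ingesting the same feed updates rather than duplicates documents.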

The most recent Dridex nodes from the malware feeds are as follows:

