Dridex Banker Statistics 2016-2017


Source: OSINT

Goal: Obtain statistics related to Dridex trends in 2016, including, but not limited to,

  • (1) a count of all known Dridex nodes 
  • (2) top 10 country infrastructure locations; and
  • (3) timeline histogram of node Dridex detections

Tool: Elasticsearch, Kibana, and Logstash (ELK)

Date Range: 2016-2017

Statistics:
(1) Dridex Count: 329
(2) Top 10 Country Infrastructure Location

geoip.country_name.keyword: Descending   Count
United States 77
Germany 34
United Kingdom 28
France 17
Canada 10
Netherlands 9
Australia 8
Russia 8
Thailand 8
Bulgaria 7

(3) Timeline Histogram

Detection Time IOC geoip.country_name
December 26th 2016; 20:07:34 92.222.129.145 France
December 26th 2016; 20:07:34 91.103.2.132 Ireland
December 23rd 2016; 12:35:14 82.196.5.27 Netherlands
December 22nd 2016; 07:27:36 192.188.58.163 Ecuador
December 22nd 2016; 07:27:36 203.153.165.21 Thailand
December 22nd 2016; 07:27:36 109.74.9.119 Sweden
December 22nd 2016; 07:27:36 69.43.168.214 United States
December 17th 2016; 11:27:38 71.6.155.196 United States
December 17th 2016; 11:27:38 188.68.50.34 Germany
December 15th 2016; 08:55:30 212.200.111.170 Serbia
December 12th 2016; 08:21:30 192.241.236.239 United States
December 9th 2016; 05:23:36 188.120.249.30 Russia
November 21st 2016; 06:34:36 72.249.144.95 United States
November 18th 2016; 13:35:55 188.126.72.179 Sweden
November 18th 2016; 05:55:13 174.37.216.226 United States
November 18th 2016; 05:55:13 166.78.144.68 United States
November 16th 2016; 13:54:38 54.235.86.173 United States
November 15th 2016; 09:53:22 193.136.97.4 Portugal
November 15th 2016; 09:53:22 93.122.165.54 Romania
November 11th 2016; 09:09:04 87.254.45.29 Norway
November 11th 2016; 09:09:04 149.210.158.54 Netherlands
November 5th 2016; 17:01:33 216.127.161.5 United States
November 4th 2016; 04:51:51 77.111.90.85 Hungary

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: