{ "Event": { "analysis": "0", "date": "2016-06-28", "extends_uuid": "", "info": "OSINT - Retefe banking Trojan targets UK banking customers", "publish_timestamp": "1467096125", "published": true, "threat_level_id": "3", "timestamp": "1467095664", "uuid": "57721a0d-8c48-47a5-86d4-458c950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#6edb00", "local": "0", "name": "circl:topic=\"finance\"", "relationship_type": "" }, { "colour": "#004646", "local": "0", "name": "type:OSINT", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467095599", "to_ids": false, "type": "link", "uuid": "57721a2f-3864-4f37-88e8-46c0950d210f", "value": "https://blog.avast.com/retefe-banking-trojan-targets-uk-banking-customers" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1467095612", "to_ids": false, "type": "comment", "uuid": "57721a3c-bdd0-41bf-ae29-3123950d210f", "value": "The Retefe banking Trojan has been around for some time, targeting Sweden, Switzerland and Japan, as previously reported by Paloalto Research.\r\nWe recently noticed Retefe campaigns targeting UK banking customers. Using fake certificates, the Trojan is designed to trick victims into giving up their login credentials and other sensitive information.\r\n\r\nAt first, the victim receives a document with an embedded malicious JavaScript file per email. The document contains a very small image with a note asking the user to double click on it to view it better. After double clicking, the malicious embedded JavaScript is executed. The document has a notice message in German, however, the Trojan banker is targeting users in UK." }, { "category": "Payload delivery", "comment": "Sample", "deleted": false, "disable_correlation": false, "timestamp": "1467095632", "to_ids": true, "type": "sha256", "uuid": "57721a50-b25c-4600-bd64-4006950d210f", "value": "0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca" }, { "category": "Payload delivery", "comment": "Sample", "deleted": false, "disable_correlation": false, "timestamp": "1467095632", "to_ids": true, "type": "sha256", "uuid": "57721a50-8f34-4fcb-a230-41f8950d210f", "value": "1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54" }, { "category": "Payload delivery", "comment": "Sample", "deleted": false, "disable_correlation": false, "timestamp": "1467095633", "to_ids": true, "type": "sha256", "uuid": "57721a51-d678-4635-ba54-4a05950d210f", "value": "50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052" }, { "category": "Payload delivery", "comment": "Sample", "deleted": false, "disable_correlation": false, "timestamp": "1467095633", "to_ids": true, "type": "sha256", "uuid": "57721a51-c894-4204-b97a-42d3950d210f", "value": "5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856" }, { "category": "Payload delivery", "comment": "Sample", "deleted": false, "disable_correlation": false, "timestamp": "1467095633", "to_ids": true, "type": "sha256", "uuid": "57721a51-d128-477b-87b7-424b950d210f", "value": "629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd", "deleted": false, "disable_correlation": false, "timestamp": "1467095664", "to_ids": true, "type": "sha1", "uuid": "57721a70-f550-4837-bc33-4a5702de0b81", "value": "f4d48a8d9447de0f3e318b6c739d8a640134db8e" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd", "deleted": false, "disable_correlation": false, "timestamp": "1467095664", "to_ids": true, "type": "md5", "uuid": "57721a70-21a0-4c15-b801-4e7a02de0b81", "value": "1765232a9fd904d90ac7674a624669b0" }, { "category": "External analysis", "comment": "Sample - Xchecked via VT: 629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd", "deleted": false, "disable_correlation": false, "timestamp": "1467095664", "to_ids": false, "type": "link", "uuid": "57721a70-a080-4624-98c4-4a6802de0b81", "value": "https://www.virustotal.com/file/629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd/analysis/1467090128/" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856", "deleted": false, "disable_correlation": false, "timestamp": "1467095664", "to_ids": true, "type": "sha1", "uuid": "57721a70-1cbc-49d4-bb6e-4e8502de0b81", "value": "752e5d5f5443f21278afe32b4b556c88d9ad7d05" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856", "deleted": false, "disable_correlation": false, "timestamp": "1467095664", "to_ids": true, "type": "md5", "uuid": "57721a70-16a8-4552-b021-47c002de0b81", "value": "4c42b28d75f3939b5a58631c090dceb1" }, { "category": "External analysis", "comment": "Sample - Xchecked via VT: 5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856", "deleted": false, "disable_correlation": false, "timestamp": "1467095665", "to_ids": false, "type": "link", "uuid": "57721a71-d084-4252-87e9-49a202de0b81", "value": "https://www.virustotal.com/file/5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856/analysis/1467090124/" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052", "deleted": false, "disable_correlation": false, "timestamp": "1467095665", "to_ids": true, "type": "sha1", "uuid": "57721a71-b714-42be-83f2-462d02de0b81", "value": "e35cff87fec389a90bfe287aaa927fd7342977c7" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052", "deleted": false, "disable_correlation": false, "timestamp": "1467095665", "to_ids": true, "type": "md5", "uuid": "57721a71-6770-4209-8c97-49db02de0b81", "value": "dcfb8e42173746bb97436782b6b644bd" }, { "category": "External analysis", "comment": "Sample - Xchecked via VT: 50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052", "deleted": false, "disable_correlation": false, "timestamp": "1467095665", "to_ids": false, "type": "link", "uuid": "57721a71-90fc-42ad-a4c1-405d02de0b81", "value": "https://www.virustotal.com/file/50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052/analysis/1467090120/" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54", "deleted": false, "disable_correlation": false, "timestamp": "1467095665", "to_ids": true, "type": "sha1", "uuid": "57721a71-50fc-48c9-b413-4f2a02de0b81", "value": "2713fd96a36f08e14fcea92fe455bcbb4f752e91" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54", "deleted": false, "disable_correlation": false, "timestamp": "1467095666", "to_ids": true, "type": "md5", "uuid": "57721a72-7c60-481b-a0dc-40be02de0b81", "value": "1c73db1b06b2b0967a33b39267972126" }, { "category": "External analysis", "comment": "Sample - Xchecked via VT: 1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54", "deleted": false, "disable_correlation": false, "timestamp": "1467095666", "to_ids": false, "type": "link", "uuid": "57721a72-bacc-4de5-abb1-459802de0b81", "value": "https://www.virustotal.com/file/1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54/analysis/1467090115/" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca", "deleted": false, "disable_correlation": false, "timestamp": "1467095666", "to_ids": true, "type": "sha1", "uuid": "57721a72-bc3c-4515-af66-402702de0b81", "value": "a7057daba35ecd78876900a4212f2f5d03df1edb" }, { "category": "Payload delivery", "comment": "Sample - Xchecked via VT: 0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca", "deleted": false, "disable_correlation": false, "timestamp": "1467095666", "to_ids": true, "type": "md5", "uuid": "57721a72-e328-43ca-8f9d-435502de0b81", "value": "bf00ad68411fcd868d71c6bd6812f3df" }, { "category": "External analysis", "comment": "Sample - Xchecked via VT: 0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca", "deleted": false, "disable_correlation": false, "timestamp": "1467095666", "to_ids": false, "type": "link", "uuid": "57721a72-acd4-48da-9114-4bbd02de0b81", "value": "https://www.virustotal.com/file/0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca/analysis/1467090112/" } ] } }