{ "type": "bundle", "id": "bundle--4b1c186d-8bf2-4297-9cbc-f8f00192770b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-24T08:57:34.000Z", "modified": "2022-10-24T08:57:34.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--4b1c186d-8bf2-4297-9cbc-f8f00192770b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-24T08:57:34.000Z", "modified": "2022-10-24T08:57:34.000Z", "name": "Prynt Stealer Spotted In the Wild - A New Info Stealer Performing Clipper And Keylogger Activities", "published": "2022-10-24T09:18:05Z", "object_refs": [ "x-misp-object--b4b2a5d5-5b31-47e4-a44f-ca8549f505a2", "indicator--cf8eb612-f45a-41af-9210-f6b21eda6b50", "indicator--16995933-cbd9-4403-81de-080ddc319f10", "indicator--66ab9352-06ba-42d9-ae66-e74b8e0460c9" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"", "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "misp-galaxy:mitre-attack-pattern=\"Steal Web Session Cookie - T1539\"", "misp-galaxy:mitre-attack-pattern=\"Steal Application Access Token - T1528\"", "misp-galaxy:mitre-attack-pattern=\"Unsecured Credentials - T1552\"", "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"", "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"", "misp-galaxy:mitre-attack-pattern=\"System Location Discovery - T1614\"", "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "misp-galaxy:malpedia=\"Prynt Stealer\"", "type:OSINT", "osint:lifetime=\"perpetual\"", "osint:certainty=\"50\"", "osint:source-type=\"blog-post\"", "misp-galaxy:stealer=\"Prynt Stealer\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--b4b2a5d5-5b31-47e4-a44f-ca8549f505a2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-17T13:51:27.000Z", "modified": "2022-10-17T13:51:27.000Z", "labels": [ "misp:name=\"report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "link", "object_relation": "link", "value": "https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/", "category": "External analysis", "uuid": "26120d5f-55b4-46b7-b626-46bac2411e19" }, { "type": "text", "object_relation": "summary", "value": "yble research labs discovered a new Infostealer named Prynt Stealer. The stealer is new on the cybercrime forums and comes with various capabilities. Along with stealing the victim\u2019s data, this stealer can also perform financial thefts using a clipper and keylogging operations. Additionally, it can target 30+ Chromium-based browsers, 5+ Firefox-based browsers, and a range of VPN, FTP, Messaging, and Gaming apps. Furthermore, a builder may customize the functionality of this stealer.", "category": "Other", "uuid": "46e8942d-2722-42e5-8072-aebec14cc73c" }, { "type": "text", "object_relation": "type", "value": "Blog", "category": "Other", "uuid": "7139e6d5-e4bd-4ff5-82f5-a86ec8cd1cb1" } ], "x_misp_meta_category": "misc", "x_misp_name": "report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--cf8eb612-f45a-41af-9210-f6b21eda6b50", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-21T06:41:09.000Z", "modified": "2022-10-21T06:41:09.000Z", "pattern": "[file:hashes.MD5 = 'ab913c26832cd6e038625e30ebd38ec2' AND file:hashes.SHA1 = '719873f61eeb769493ac17d61603a6023a3db6dd' AND file:hashes.SHA256 = '1283c477e094db7af7d912ba115c77c96223208c03841768378a10d1819422f2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-21T06:41:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--16995933-cbd9-4403-81de-080ddc319f10", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-21T06:41:52.000Z", "modified": "2022-10-21T06:41:52.000Z", "pattern": "[file:hashes.MD5 = '0b75113f8a78dcc1dea18d0e9aabc10a' AND file:hashes.SHA1 = '269e61eed692911c3a886a108374e2a6d155c8d1' AND file:hashes.SHA256 = '808385d902d8472046e5899237e965d8087da09d623149ba38b3814659689906']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-21T06:41:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--66ab9352-06ba-42d9-ae66-e74b8e0460c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2022-10-21T06:44:35.000Z", "modified": "2022-10-21T06:44:35.000Z", "pattern": "[file:hashes.MD5 = '661842995f7fdd2e61667dbc2f019ff3' AND file:hashes.SHA1 = '1a638a81b9135340bc7d1f5e7eae5f3f06667a42' AND file:hashes.SHA256 = '4569670aca0cc480903b07c7026544e7e15b3f293e7c1533273c90153c46cc87']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2022-10-21T06:44:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }