{"Event": {"info": "OSINT - New Version of the Kronos Banking Trojan Discovered", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:banker=\"Kronos\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#284800", "exportable": true, "name": "malware_classification:malware-category=\"Trojan\""}, {"colour": "#002f76", "exportable": true, "name": "ms-caro-malware-full:malware-family=\"Banker\""}], "publish_timestamp": "0", "timestamp": "1532589815", "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5b583145-9dd4-4cd6-a181-4956950d210f", "timestamp": "1532589533", "to_ids": false, "value": "https://www.bleepingcomputer.com/news/security/new-version-of-the-kronos-banking-trojan-discovered/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "Period: June 27-30, 2018 - Campaign type: Malspam, macro-laced Word docs - Target: Users of 5 German financial institutions", "category": "Network activity", "uuid": "5b587781-a54c-4c28-9f1d-95e8950d210f", "timestamp": "1532524417", "to_ids": true, "value": "http://jhrppbnh4d674kzh.onion/kpanel/connect.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Period: July 13, 2018 \t - Campaign type: RIG EK - Target:Users of 13 Japanese financial institutions", "category": "Network activity", "uuid": "5b587781-6c90-4103-a398-95e8950d210f", "timestamp": "1532524417", "to_ids": true, "value": "http://jmjp2l7yqgaj5xvv.onion/kpanel/connect.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "External analysis", "uuid": "5b587782-6c60-442f-a060-95e8950d210f", "timestamp": "1532524418", "to_ids": false, "value": "CVE-2017-11882", "disable_correlation": false, "object_relation": null, "type": "vulnerability"}, {"comment": "Period: July 15-16, 2018 - Campaign type:Malspam, CVE-2017-11882- Target:Users in Poland", "category": "Network activity", "uuid": "5b587782-4d38-41d3-bd2b-95e8950d210f", "timestamp": "1532524418", "to_ids": true, "value": "http://suzfjfguuis326qw.onion/kpanel/connect.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Period: July 20, 2018 - Campaign type:Software download site \t - Target:Test run", "category": "Network activity", "uuid": "5b587783-4c94-493e-8534-95e8950d210f", "timestamp": "1532524419", "to_ids": true, "value": "http://mysmo35wlwhrkeez.onion/kpanel/connect.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "External analysis", "uuid": "5b587dbd-4ae0-4551-9117-95e9950d210f", "timestamp": "1532589513", "to_ids": false, "value": "A new version of the Kronos banking trojan is making the rounds, according to Proofpoint security researchers, who say they've identified at last three campaigns spreading a revamped version of this old trojan that had its heyday back in 2014.\r\n\r\nAccording to a report published yesterday evening, first samples of this new Kronos variant have been spotted in April, this year.\r\n\r\nWhile initial samples appeared to be tets, real-life campaigns got off the ground in late June, when researchers started detecting malspam and exploit kits delivering this new version to users in the wild.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "text"}], "extends_uuid": "", "published": false, "date": "2018-07-25", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5b58311f-df38-4c0f-a1dd-4655950d210f"}}