{
|
|
"Event": {
|
|
"analysis": "0",
|
|
"date": "2022-04-21",
|
|
"extends_uuid": "",
|
|
"info": "Prynt Stealer Spotted In the Wild - A New Info Stealer Performing Clipper And Keylogger Activities",
|
|
"publish_timestamp": "1666603085",
|
|
"published": true,
|
|
"threat_level_id": "1",
|
|
"timestamp": "1666601854",
|
|
"uuid": "4b1c186d-8bf2-4297-9cbc-f8f00192770b",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#065000",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Steal Web Session Cookie - T1539\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Steal Application Access Token - T1528\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Unsecured Credentials - T1552\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"System Location Discovery - T1614\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#909609",
|
|
"local": false,
|
|
"name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:malpedia=\"Prynt Stealer\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#004646",
|
|
"local": false,
|
|
"name": "type:OSINT",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0071c3",
|
|
"local": false,
|
|
"name": "osint:lifetime=\"perpetual\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0087e8",
|
|
"local": false,
|
|
"name": "osint:certainty=\"50\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": false,
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#00223b",
|
|
"local": false,
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": false,
|
|
"name": "misp-galaxy:stealer=\"Prynt Stealer\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "Metadata used to generate an executive level report",
|
|
"meta-category": "misc",
|
|
"name": "report",
|
|
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
|
|
"template_version": "7",
|
|
"timestamp": "1666014687",
|
|
"uuid": "b4b2a5d5-5b31-47e4-a44f-ca8549f505a2",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "link",
|
|
"timestamp": "1666014687",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "26120d5f-55b4-46b7-b626-46bac2411e19",
|
|
"value": "https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "summary",
|
|
"timestamp": "1666014687",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "46e8942d-2722-42e5-8072-aebec14cc73c",
|
|
"value": "Cyble research labs discovered a new Infostealer named Prynt Stealer. The stealer is new on the cybercrime forums and comes with various capabilities. Along with stealing the victim\u2019s data, this stealer can also perform financial thefts using a clipper and keylogging operations. Additionally, it can target 30+ Chromium-based browsers, 5+ Firefox-based browsers, and a range of VPN, FTP, Messaging, and Gaming apps. Furthermore, a builder may customize the functionality of this stealer."
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "type",
|
|
"timestamp": "1666014687",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "7139e6d5-e4bd-4ff5-82f5-a86ec8cd1cb1",
|
|
"value": "Blog"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1666334469",
|
|
"uuid": "cf8eb612-f45a-41af-9210-f6b21eda6b50",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1666334469",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "9349600a-b872-422c-bfa2-01ca9166ce9c",
|
|
"value": "719873f61eeb769493ac17d61603a6023a3db6dd"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1666334469",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "aed48c3a-9e44-45a2-bc31-8d7111b9540d",
|
|
"value": "ab913c26832cd6e038625e30ebd38ec2"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1666334469",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "bfe519a1-9b3d-4606-aa60-33b0c7f7fc17",
|
|
"value": "1283c477e094db7af7d912ba115c77c96223208c03841768378a10d1819422f2"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1666334512",
|
|
"uuid": "16995933-cbd9-4403-81de-080ddc319f10",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1666334512",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "2888bba6-b4a2-4a94-8851-2985627379fd",
|
|
"value": "269e61eed692911c3a886a108374e2a6d155c8d1"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1666334512",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "4d35499c-b14b-48c5-94ea-70c2f80b0c5b",
|
|
"value": "0b75113f8a78dcc1dea18d0e9aabc10a"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1666334512",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "64d10c94-6585-4dbb-8a3e-db1d84c0a5c7",
|
|
"value": "808385d902d8472046e5899237e965d8087da09d623149ba38b3814659689906"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "24",
|
|
"timestamp": "1666334675",
|
|
"uuid": "66ab9352-06ba-42d9-ae66-e74b8e0460c9",
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1666334675",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "de9755c4-6b81-4bd9-a335-e4caac861c4d",
|
|
"value": "1a638a81b9135340bc7d1f5e7eae5f3f06667a42"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1666334675",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "b3f49049-93e8-429e-9923-2d2865b23eef",
|
|
"value": "661842995f7fdd2e61667dbc2f019ff3"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1666334675",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "e5c26ebe-403a-4d74-a740-c0fa1653cbbc",
|
|
"value": "4569670aca0cc480903b07c7026544e7e15b3f293e7c1533273c90153c46cc87"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |