misp-circl-feed/feeds/circl/misp/56e96cfd-a958-4012-b575-4fe7950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2016-03-16",
    "extends_uuid": "",
    "info": "OSINT - Malicious iBanking application with new uninstall countermeasures",
    "publish_timestamp": "1458138632",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1458138550",
    "uuid": "56e96cfd-a958-4012-b575-4fe7950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138428",
        "to_ids": false,
        "type": "comment",
        "uuid": "56e96d3c-8ccc-4883-be59-4dda950d210f",
        "value": "Our CERT laboratory recently received a sample of iBanking malware (along with a malicious JavaScript code snippet associated with it), posing as the mobile Trusteer Rapport antimalware solution. The attack scenario isn\u00e2\u20ac\u2122t new, it has been used many times in the past, but recently we see an increase in attacks on Polish users of electronic banking using this method. In comparison to previous, similar programs, the analyzed application has proven much more difficult to remove and it\u00e2\u20ac\u2122s code was much better obfuscated."
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138442",
        "to_ids": false,
        "type": "link",
        "uuid": "56e96d4a-2d60-4f6b-8810-4ad5950d210f",
        "value": "http://www.cert.pl/news/11166/langswitch_lang/en"
      },
      {
        "category": "Payload delivery",
        "comment": "Samples",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138469",
        "to_ids": true,
        "type": "sha256",
        "uuid": "56e96d65-2f18-490c-849b-43f7950d210f",
        "value": "aa6f87e50e9df2a88fc2146ba477abe8099459012ed1b9d4f6c03ec54ed2f754"
      },
      {
        "category": "Payload delivery",
        "comment": "Samples",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138469",
        "to_ids": true,
        "type": "sha256",
        "uuid": "56e96d65-4b90-4a88-863f-44da950d210f",
        "value": "30f75776b1ea0df28186e0e6a141c039e50089e80becb62918915643249fb726"
      },
      {
        "category": "Payload delivery",
        "comment": "Samples - Xchecked via VT: 30f75776b1ea0df28186e0e6a141c039e50089e80becb62918915643249fb726",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138509",
        "to_ids": true,
        "type": "sha1",
        "uuid": "56e96d8d-5944-4c31-9149-61d902de0b81",
        "value": "193f632478571d0621fb11bcc82556b545ca1c00"
      },
      {
        "category": "Payload delivery",
        "comment": "Samples - Xchecked via VT: 30f75776b1ea0df28186e0e6a141c039e50089e80becb62918915643249fb726",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138510",
        "to_ids": true,
        "type": "md5",
        "uuid": "56e96d8e-c4c4-458e-9749-61d902de0b81",
        "value": "27a850af72e228eb2209879168b5f9d4"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138510",
        "to_ids": false,
        "type": "link",
        "uuid": "56e96d8e-6a70-40b6-a3a6-61d902de0b81",
        "value": "https://www.virustotal.com/file/30f75776b1ea0df28186e0e6a141c039e50089e80becb62918915643249fb726/analysis/1455733718/"
      },
      {
        "category": "Payload delivery",
        "comment": "Samples - Xchecked via VT: aa6f87e50e9df2a88fc2146ba477abe8099459012ed1b9d4f6c03ec54ed2f754",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138510",
        "to_ids": true,
        "type": "sha1",
        "uuid": "56e96d8e-6d60-4d53-b57c-61d902de0b81",
        "value": "a1cf8299bfee707073510de81bbb6f92311ab176"
      },
      {
        "category": "Payload delivery",
        "comment": "Samples - Xchecked via VT: aa6f87e50e9df2a88fc2146ba477abe8099459012ed1b9d4f6c03ec54ed2f754",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138511",
        "to_ids": true,
        "type": "md5",
        "uuid": "56e96d8f-b9b4-41e2-8b65-61d902de0b81",
        "value": "1a2ec7c92d07f437fe2abe6de0bcdd72"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138511",
        "to_ids": false,
        "type": "link",
        "uuid": "56e96d8f-9d34-404e-83c4-61d902de0b81",
        "value": "https://www.virustotal.com/file/aa6f87e50e9df2a88fc2146ba477abe8099459012ed1b9d4f6c03ec54ed2f754/analysis/1457870277/"
      },
      {
        "category": "Antivirus detection",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1458138550",
        "to_ids": false,
        "type": "text",
        "uuid": "56e96db6-17f4-4166-9aec-4c4c950d210f",
        "value": "Android.Trojan.HesperBot."
      }
    ]
  }
}