Pulse name: New Infostealer Trojan uses Fiddler Proxy
WHITE AlienVault 2016-05-09 Modified: 2016-05-09
11 IOCs, MEDIUM VOLUME
Zscaler ThreatLabZ came across a new Infostealer Trojan written in .NET that uses popular tools such as Fiddler and Json.NET for its operation. The new Infostealer family, of Spanish origin, was first noted in April targeting users in the U.S. and Mexico. The malware authors are currently targeting users of Mexico's second-largest bank, Banamex, but the malware is capable of updating its configuration file to include more financial institutions.
Indicators of Compromise (11)