{
  "type": "MD5",
  "indicator": "8c9896440fb0c8f2d36aff0382c9c2e4",
  "general": {
    "sections": [
      "general",
      "analysis"
    ],
    "type": "md5",
    "type_title": "FileHash-MD5",
    "indicator": "8c9896440fb0c8f2d36aff0382c9c2e4",
    "validation": [],
    "base_indicator": {
      "id": 330217,
      "indicator": "8c9896440fb0c8f2d36aff0382c9c2e4",
      "type": "FileHash-MD5",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "572ff4e47740f10161c79daf",
          "name": "New Infostealer Trojan uses Fiddler Proxy",
          "description": "Zscaler ThreatLabZ came across a new Infostealer Trojan written in .NET that utilizes popular tools like Fiddler & Json.NET for its operation. In April, the new Infostealer family of Spanish origin was first noted targeting users in the U.S. and Mexico.\n\nThe malware authors are currently targeting users of Mexico's second largest bank, Banamex, but it is capable of updating the configuration file to include more financial institutions.",
          "modified": "2016-05-09T02:24:36.624000",
          "created": "2016-05-09T02:24:36.624000",
          "tags": [
            "infostealer",
            "fiddler",
            "banamex",
            "mexico",
            "windows",
            "u.s.",
            "zscaler"
          ],
          "references": [
            "https://www.zscaler.com/blogs/research/new-infostealer-trojan-uses-fiddler-proxy-jsonnet/"
          ],
          "public": 1,
          "adversary": null,
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 60,
          "upvotes_count": 4.0,
          "downvotes_count": 1.0,
          "votes_count": 3.0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 5,
            "FileHash-MD5": 6
          },
          "indicator_count": 11,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 386462,
          "modified_text": "3673 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-MD5",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.zscaler.com/blogs/research/new-infostealer-trojan-uses-fiddler-proxy-jsonnet/"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "572ff4e47740f10161c79daf",
      "name": "New Infostealer Trojan uses Fiddler Proxy",
      "description": "Zscaler ThreatLabZ came across a new Infostealer Trojan written in .NET that utilizes popular tools like Fiddler & Json.NET for its operation. In April, the new Infostealer family of Spanish origin was first noted targeting users in the U.S. and Mexico.\n\nThe malware authors are currently targeting users of Mexico's second largest bank, Banamex, but it is capable of updating the configuration file to include more financial institutions.",
      "modified": "2016-05-09T02:24:36.624000",
      "created": "2016-05-09T02:24:36.624000",
      "tags": [
        "infostealer",
        "fiddler",
        "banamex",
        "mexico",
        "windows",
        "u.s.",
        "zscaler"
      ],
      "references": [
        "https://www.zscaler.com/blogs/research/new-infostealer-trojan-uses-fiddler-proxy-jsonnet/"
      ],
      "public": 1,
      "adversary": null,
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 60,
      "upvotes_count": 4.0,
      "downvotes_count": 1.0,
      "votes_count": 3.0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 5,
        "FileHash-MD5": 6
      },
      "indicator_count": 11,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 386462,
      "modified_text": "3673 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-MD5",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "8c9896440fb0c8f2d36aff0382c9c2e4",
    "type": "Hash"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "8c9896440fb0c8f2d36aff0382c9c2e4",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780170250.8398597
}