Trusted Design

New Banking Trojan Fobber, a new variant of Tinba

概要

Fobber, a new variant of Tinba uses an interesting and unusual approach to make static analysis harder: In the original sample, there was no sign of Man-in-the-Browser (MitB) aiming to steal banking credentials but, since the malware has the capability to update itself, this possibility can be later added by the attackers. On our analysis, apart from the update feature, we only found the form-grabbing / cookie stealing malicious feature. Although this analysis is pretty comprehensive, this cannot be considerate ultimate, there are still pieces of the puzzles missing and possible misinterpretation in it.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Gootkit banking Trojan jumps the Channel (score: 0.70)
Updated Blackmoon banking Trojan (score: 0.65)
Tale of the Two Payloads – TrickBot and Nitol (score: 0.64)
Avast: The evolution of the Retefe banking Trojan (score: 0.64)
US Banks Targeted with Trickbot Trojan - FlashPoint (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Transparent Tribe

Score: 6.29

Matched TTPs:

T1608.004 - Drive-by Target
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

LuminousMoth

Score: 3.03

Matched TTPs:

T1608.004 - Drive-by Target

MITREへのリンク →

Dragonfly

Score: 6.29

Matched TTPs:

T1608.004 - Drive-by Target
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

CURIUM

Score: 4.80

Matched TTPs:

T1608.004 - Drive-by Target
T1189 - Drive-by Compromise

MITREへのリンク →

APT32

Score: 8.96

Matched TTPs:

T1608.004 - Drive-by Target
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1078.003 - Local Accounts

MITREへのリンク →

FIN7

Score: 10.24

Matched TTPs:

T1608.004 - Drive-by Target
T1674 - Input Injection
T1078.003 - Local Accounts

MITREへのリンク →

Threat Group-3390

Score: 9.44

Matched TTPs:

T1608.004 - Drive-by Target
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1588.003 - Code Signing Certificates

MITREへのリンク →

Mustard Tempest

Score: 4.80

Matched TTPs:

T1608.004 - Drive-by Target
T1189 - Drive-by Compromise

MITREへのリンク →

Lazarus Group

Score: 11.24

Matched TTPs:

T1010 - Application Window Discovery
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Volt Typhoon

Score: 3.84

Matched TTPs:

T1010 - Application Window Discovery

MITREへのリンク →

HEXANE

Score: 3.84

Matched TTPs:

T1010 - Application Window Discovery

MITREへのリンク →

Contagious Interview

Score: 10.91

Matched TTPs:

T1657 - Financial Theft
T1480 - Execution Guardrails
T1204.004 - Malicious Copy and Paste

MITREへのリンク →

Kimsuky

Score: 8.34

Matched TTPs:

T1657 - Financial Theft
T1588.003 - Code Signing Certificates
T1078.003 - Local Accounts

MITREへのリンク →

Scattered Spider

Score: 6.66

Matched TTPs:

T1657 - Financial Theft
T1204 - User Execution

MITREへのリンク →

Medusa Group

Score: 7.06

Matched TTPs:

T1657 - Financial Theft
T1218.014 - MMC

MITREへのリンク →

Play

Score: 5.19

Matched TTPs:

T1657 - Financial Theft
T1078.003 - Local Accounts

MITREへのリンク →

BlackByte

Score: 3.84

Matched TTPs:

T1480 - Execution Guardrails

MITREへのリンク →

Gamaredon Group

Score: 8.38

Matched TTPs:

T1480 - Execution Guardrails
T1001 - Data Obfuscation

MITREへのリンク →

LAPSUS$

Score: 4.13

Matched TTPs:

T1204 - User Execution

MITREへのリンク →

Mustang Panda

Score: 13.32

Matched TTPs:

T1678 - Delay Execution
T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT28

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT29

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

BlackTech

Score: 4.65

Matched TTPs:

T1203 - Exploitation for Client Execution
T1588.003 - Code Signing Certificates

MITREへのリンク →

Patchwork

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Axiom

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Leviathan

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT37

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

BRONZE BUTLER

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Tropic Trooper

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

APT41

Score: 5.63

Matched TTPs:

T1203 - Exploitation for Client Execution
T1595.003 - Wordlist Scanning

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

OilRig

Score: 12.80

Matched TTPs:

T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page
T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates

MITREへのリンク →

Volatile Cedar

Score: 4.13

Matched TTPs:

T1595.003 - Wordlist Scanning

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1555.004 - Windows Credential Manager

MITREへのリンク →

Turla

Score: 8.05

Matched TTPs:

T1555.004 - Windows Credential Manager
T1189 - Drive-by Compromise
T1078.003 - Local Accounts

MITREへのリンク →

Wizard Spider

Score: 6.77

Matched TTPs:

T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates

MITREへのリンク →

PROMETHIUM

Score: 4.43

Matched TTPs:

T1189 - Drive-by Compromise
T1078.003 - Local Accounts

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

FIN8

Score: 3.15

Matched TTPs:

T1588.003 - Code Signing Certificates

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Mustang Panda

Score: 0.79

Matched TTPs:

T1588.003 - Code Signing Certificates
T1678 - Delay Execution
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

OilRig

Score: 0.73

Matched TTPs:

T1555.004 - Windows Credential Manager
T1588.003 - Code Signing Certificates
T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page

MITREへのリンク →

FIN7

Score: 0.70

Matched TTPs:

T1078.003 - Local Accounts
T1674 - Input Injection
T1608.004 - Drive-by Target

MITREへのリンク →

Contagious Interview

Score: 0.66

Matched TTPs:

T1657 - Financial Theft
T1480 - Execution Guardrails
T1204.004 - Malicious Copy and Paste

MITREへのリンク →

Lazarus Group

Score: 0.65

Matched TTPs:

T1010 - Application Window Discovery
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1189 - Drive-by Compromise

MITREへのリンク →

Threat Group-3390

Score: 0.61

Matched TTPs:

T1588.003 - Code Signing Certificates
T1203 - Exploitation for Client Execution
T1608.004 - Drive-by Target
T1189 - Drive-by Compromise

MITREへのリンク →

APT32

Score: 0.57

Matched TTPs:

T1078.003 - Local Accounts
T1203 - Exploitation for Client Execution
T1608.004 - Drive-by Target
T1189 - Drive-by Compromise

MITREへのリンク →

Turla

Score: 0.56

Matched TTPs:

T1555.004 - Windows Credential Manager
T1078.003 - Local Accounts
T1189 - Drive-by Compromise

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る