[EP_X0FF]

https://www.documentcloud.org/documents ... ent-R.html

[Xylitol]

http://securityblog.s21sec.com/2014/08/ ... -here.html

i just retrieved some old screenshots of the webinjects tied to it from a draft post on my blog i never published.
As mentioned by S21 it was targeting french banks, in more detail: Caisse d'épargne, BNP Paribas, LCL, La banque postale, CIC...
they was using proachater.com, privedmidved.net, securetargeting.com, 109.234.34.156 and probably many other domains i forgot.
i've surely have their server dump somewhere, in the meantime web controller attached (i know 2 versions and both are same crap, just cosmetic changes)

[Antelox]

A good article from @hasherezade about Kronos.

Inside the Kronos malware – part 1
https://blog.malwarebytes.com/cybercrim ... s-malware/

BR,

Antelox

[Antelox]

Part 2 is out.

Inside the Kronos malware – part 2
https://blog.malwarebytes.com/cybercrim ... alware-p2/

BR,

Antelox

[ynvb]

Following the recent affairs, we've took a deeper look on the similarities between Kronos and UPAS-Kit.
(Not suggesting in any way a relation between *any of the malware* to @MalwareTechBlog ofcourse, simply a technical analysis).

https://research.checkpoint.com/deep-di ... vs-kronos/