[tildedennis]

* https://www.proofpoint.com/us/threat-in ... the-market
* https://blog.fox-it.com/2016/06/07/link ... therlands/

Definitely feels Zeus-based to me. 2.2.5 is the latest version that I've seen and it started appearing in the wild in early July.

https://www.virustotal.com/en/file/cda1 ... /analysis/

Sample, decrypted config and webinjects (targeting mostly .us and .ca) from eluidess[.]pw attached. The config JSON is the real deal, but the webinject JSON is my parsing to make them Zeus formatted.

[Xylitol]

Who Let the Pandas Out? Zeus, Zeus, Zeus, Zeus ~ https://www.arbornetworks.com/blog/aser ... zeus-zeus/

[tildedennis]

Forcepoint also released a post: https://blogs.forcepoint.com/security-l ... s-uk-banks

* https://www.virustotal.com/en/file/3439 ... /analysis/
* https://www.virustotal.com/en/file/ee76 ... /analysis/

Samples, config, and webinjects attached.

[darkbro]

Unpacked sample b8cf2c0d278a505707fed24e385bb580 from pandas.zip

[tildedennis]

Our malware zoo welcomed a brand new baby panda (banker) into the wild the other day, please say hi to version 2.2.6:

https://www.virustotal.com/en/file/571b ... /analysis/

A quick scan using Diaphora's "Relaxed calculations of differences ratios" shows there are very few changes compared to 2.2.5, mostly rearranged encrypted string indexes and some different API hashes.

Sample, config, webinjects attached. Mostly focusing on .ca banks.

[ikolor]

We are not from ZOO .Some people hard work to find some malware sample .Please remember .

[entdark]

anyone has a sample?