{
  "name": "Stealer Distributed via Crafted Minecraft Source Pack",
  "slug": "stealer-distributed-via-crafted-minecraft-source-pack",
  "description": "This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques and drops various script files to maintain persistence, disable security tools, and establish command-and-control communication. The report emphasizes the risk of downloading unverified files and recommends enabling multi-factor authentication and using threat intelligence services.",
  "published": "2024-05-08T09:09:07+00:00",
  "created_at": "2024-05-08T09:09:07+00:00",
  "modified_at": "2024-05-08T15:24:46+00:00",
  "created_at_opencti": "2024-05-08T09:09:07+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-03",
    "2024-05-04",
    "2024-05-05",
    "2024-05-06",
    "2024-05-07",
    "2024-05-08",
    "anti-analysis",
    "minecraft",
    "persistence",
    "screenshots",
    "stealer",
    "zeus panda"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "d1865d2aaf11e3f8bccefe9c4847510234f14aaa5378ce9e8e97553537cf2ca1"
      },
      {
        "id": "",
        "name": "c9687714cf799e5ce9083c9afa3e622c978136d339fc9c15e272b0df9cd7e21c"
      },
      {
        "id": "",
        "name": "c2c8a7050b28d86143f4d606a6d245b53c588bc547a639094fce857962246da4"
      },
      {
        "id": "",
        "name": "9d3409852348caa65d28e674008dd6bb986eed4fb507957c7a8b73a41e00be70"
      },
      {
        "id": "",
        "name": "9940da9d02d29489c3e26d27feb15b6f4bbf49547b962592125441917c952f12"
      },
      {
        "id": "",
        "name": "8a2f6d5f6cf7d1a7534454e3c3007337b71d7da470e86f7636eb02d68b2db8cc"
      },
      {
        "id": "",
        "name": "6063c8285e13d10eabbe363e2ab0d8748bcd595b470698e0cffee31ba255a566"
      },
      {
        "id": "",
        "name": "5840f3e43a0c635be94b5fbf2e300d727545371b582361a52682b4a9e08bcebd"
      },
      {
        "id": "",
        "name": "4e0a96ab28570936d095ac3910dcd239c7ceeb2b38a070468404584f8b902dd1"
      },
      {
        "id": "",
        "name": "2ceae724f0e96e2d8c47296dd1e73ac592e22ee3288eabf11c8d039c6d6d4f8b"
      },
      {
        "id": "",
        "name": "1cdd580176eeb4342a0333b50454da061e473358274e6e543df1411186c12042"
      },
      {
        "id": "",
        "name": "fbf967295dac00f1e9cb67e9a40b6729b003dd12cf022eb15d626df09716442d"
      },
      {
        "id": "",
        "name": "ed59a797521db06abdf4c88dad7b1666e5978aaa6670a5952a55b7e11f7b790e"
      },
      {
        "id": "",
        "name": "df6156fdbbcc7b6f8c9cb4c5c1b0018fc3f1e1ca7d949b5538ec27dc86d026a4"
      },
      {
        "id": "",
        "name": "d9d394cc2a743c0147f7c536cbb11d6ea070f2618a12e7cc0b15816307808b8a"
      },
      {
        "id": "",
        "name": "d1a18b436f947611914ced09e4465b49807cec4f3a62b0973c9017b6d82c9f70"
      },
      {
        "id": "",
        "name": "be9ea302bcfb52fbfdf006b2df8357388cd4c078059aabc5b5928676c3361e50"
      },
      {
        "id": "",
        "name": "b6e8b612e99c54dd98af1756f7c9b8a8c19e31ed9b2836878c2a5144563ff1b2"
      },
      {
        "id": "",
        "name": "aabfbef31ab073d99c01ecae697f66bbf6f14aa5d9c295c7a6a548879381fb24"
      },
      {
        "id": "",
        "name": "9ba19d614af029c3c198b576ccdf1de87d80ac14b12103e8a15376229a2a7860"
      },
      {
        "id": "",
        "name": "51ede75315d858209f9aa60d791c097c18d38f44b9d050b555ff1f4de0ae672d"
      },
      {
        "id": "",
        "name": "20009fd157a898ad6d50fae6b8127056c5b1f50e31f90f01d2e6c13e6b4c38f8"
      },
      {
        "id": "",
        "name": "03983b56d8b1a6cc43109f6cd67a13666367595a2ea07766127cb1fe4d4bb1a5"
      }
    ],
    "malware": [
      {
        "id": "3963b8bc-1f99-4754-bb27-d76fe2a4b95a",
        "name": "Zeus Panda - S0330",
        "slug": "zeus-panda-s0330"
      }
    ],
    "intrusion_sets": [
      {
        "id": "b81fd13c-ffb9-4ffd-bf35-7561077d229a",
        "name": "zEus",
        "slug": "zeus"
      }
    ],
    "attack_patterns": [
      {
        "id": "f56f09d8-2e08-4170-817a-5b314a669ea1",
        "name": "T1145"
      },
      {
        "id": "cc9a1424-474f-468a-bdbe-21802217f1ff",
        "name": "T1139"
      },
      {
        "id": "3645c785-310f-40a0-8db8-cdb47f81389c",
        "name": "T1081"
      },
      {
        "id": "6b5f1e68-aec7-4ea0-9777-62156da790a7",
        "name": "T1069"
      },
      {
        "id": "5c67e5d2-bc85-4ce0-822d-f2f5d3b0ae4e",
        "name": "T1185"
      },
      {
        "id": "32817170-4c07-427e-b8a5-80a733ae2550",
        "name": "T1497"
      },
      {
        "id": "6efb8bea-11d7-418d-a429-9f4a3e6c50f6",
        "name": "T1087"
      },
      {
        "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7",
        "name": "T1555"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "b9a3b4f8-b9c0-4ed8-bf5e-bf759b9804d6",
        "name": "T1564"
      },
      {
        "id": "29398669-98ed-4766-9dac-f9632f7175ff",
        "name": "T1518"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      },
      {
        "id": "0b2b1ecd-d52e-492a-af08-050954bc03e5",
        "name": "T1056"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.fortinet.com/blog/threat-research/zeus-stealer-distributed-via-crafted-minecraft-source-pack",
    "https://otx.alienvault.com/pulse/663b5d535aa28025d768bc62"
  ]
}