{
	"id": "b9182573-4320-44cd-9205-0be842c06c8f",
	"created_at": "2026-04-06T03:37:13.45463Z",
	"updated_at": "2026-04-10T13:13:01.353139Z",
	"deleted_at": null,
	"sha1_hash": "97713f9cb440cf67832199fc3bd6da510e7fb84a",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 251704,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy Gnostis\r\nArchived: 2026-04-06 02:52:28 UTC\r\n171 Subscribers\r\n171 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:Fobber\r\nPage 1 of 3\n\nThreat Research | FireEye Inc\r\nFind out more about FireEye.com, the world's leading cyber security company, which provides security services to\r\nmore than 1.5 million customers across the globe, and offers a wide range of products and services.\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:Fobber\r\nPage 2 of 3\n\n17 Subscribers\r\nActive Fobber DGA(s) for 20190706\r\nSome active Fobber domains generated via DGA for 20190706. For our Enterprise Threat Data services, please\r\nvisit https://malwarepatrol.net/ or contact us at commercial@malwarepatrol.net.\r\n3,431 Subscribers\r\nNew Banking Trojan Fobber, a new variant of Tinba\r\nFobber, a new variant of Tinba uses an interesting and unusual approach to make static analysis harder: In the\r\noriginal sample, there was no sign of Man-in-the-Browser (MitB) aiming to steal banking credentials but, since\r\nthe malware has the capability to update itself, this possibility can be later added by the attackers. On our analysis,\r\napart from the update feature, we only found the form-grabbing / cookie stealing malicious feature. Although this\r\nanalysis is pretty comprehensive, this cannot be considerate ultimate, there are still pieces of the puzzles missing\r\nand possible misinterpretation in it.\r\n350 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:Fobber\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:Fobber\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:Fobber"
	],
	"report_names": [
		"pulses?q=tag:Fobber"
	],
	"threat_actors": [],
	"ts_created_at": 1775446633,
	"ts_updated_at": 1775826781,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/97713f9cb440cf67832199fc3bd6da510e7fb84a.pdf",
		"text": "https://archive.orkl.eu/97713f9cb440cf67832199fc3bd6da510e7fb84a.txt",
		"img": "https://archive.orkl.eu/97713f9cb440cf67832199fc3bd6da510e7fb84a.jpg"
	}
}