{
	"id": "786c7c97-7713-43ae-9bc5-10b4e6e0cbc9",
	"created_at": "2026-04-06T00:07:29.194917Z",
	"updated_at": "2026-04-10T03:30:33.483316Z",
	"deleted_at": null,
	"sha1_hash": "d235a73e352b4cf5350ca64e5e4a55597ba31210",
	"title": "Gauss samples - Nation-state cyber-surveillance + Banking trojan",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48764,
	"plain_text": "Gauss samples - Nation-state cyber-surveillance + Banking trojan\r\nArchived: 2026-04-05 13:06:51 UTC\r\nGauss samples - Nation-state cyber-surveillance + Banking trojan\r\nJust a quick post for those who can't sleep until they get to play with Gauss\r\nExcerpt:\r\nThe highest number of infections is recorded in Lebanon, with more than 1600 computers affected. The Gauss\r\ncode (winshell.ocx) contains direct commands to intercept data required to work with Lebanese banks – including\r\nthe Bank of Beirut, Byblos Bank and Fransabank. \r\nList of files for download:\r\n├───devwiz.ocx\r\n│       CBB982032AED60B133225A2715D94458_devwiz.ocx\r\n│\r\n├───dskapi.ocx\r\n│       08D7DDB11E16B86544E0C3E677A60E10_100-dskapi.ocx\r\n│       23D956C297C67D94F591FCB574D9325F_100-dskapi.ocx\r\n│\r\n├───mcdmn.ocx\r\n│       9CA4A49135BCCDB09931CF0DBE25B5A9-mcdmn.ocx\r\n│\r\nhttp://contagiodump.blogspot.com/2012/08/gauss-samples-nation-state-cyber.html\r\nPage 1 of 2\n\n├───smdk.ocx\r\n│       5604A86CE596A239DD5B232AE32E02C6_smdk.ocx\r\n│       90F5C45420C295C73067AF44028CE0DD_smdk.ocx\r\n│\r\n├───windig.ocx\r\n│       DE2D0D6C340C75EB415F726338835125_windig.ocx\r\n│\r\n└───winshell.ocx\r\n        4FB4D2EB303160C5F419CEC2E9F57850_winshell.ocx\r\n        7AC2799B5337B4BE54E5D5B03B214572_winshell.ocx\r\n        EF6451FDE3751F698B49C8D4975A58B5_winshell.ocx\r\nSource: http://contagiodump.blogspot.com/2012/08/gauss-samples-nation-state-cyber.html\r\nhttp://contagiodump.blogspot.com/2012/08/gauss-samples-nation-state-cyber.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiodump.blogspot.com/2012/08/gauss-samples-nation-state-cyber.html"
	],
	"report_names": [
		"gauss-samples-nation-state-cyber.html"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434049,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d235a73e352b4cf5350ca64e5e4a55597ba31210.pdf",
		"text": "https://archive.orkl.eu/d235a73e352b4cf5350ca64e5e4a55597ba31210.txt",
		"img": "https://archive.orkl.eu/d235a73e352b4cf5350ca64e5e4a55597ba31210.jpg"
	}
}