2020-03-31 - URSNIF (GOZI/IFSB) INFECTION

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Downloading a password-protected zip archive from one of the links.

 


Shown above:  Extracting the EXE from the password-protected zip archive.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 


Shown above:  Registry updates after the initial infection.

 
