2019-07-29 - URSNIF INFECTION WITH PUSHDO
- 2019-07-29-DHL-themed-Ursnif-malspam-examples.zip 194 kB (194,114 bytes)
- 2019-07-29-Ursnif-infection-with-Pushdo.pcap.zip 6.5 MB (6,519,413 bytes)
- 2019-07-29-Ursnif-and-Pushdo-malware-and-artifacts.zip 2.5 MB (2,478,867 bytes)
- 2019-07-29-Ursnif-with-Pushdo-IOCs.txt.zip 1 kB (1,040 bytes)
- First saw info about the malspam from this tweet.
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: Infection traffic filtered in Wireshark.
Shown above: Fiddler shows info on the HTTPS traffic generated by the spreadsheet macro.
Shown above: Filtering for spambot traffic in the pcap.
Shown above: One of the emails sent out from my newly-infected host (part 1 of 2).
Shown above: One of the emails sent out from my newly-infected host (part 2 of 2).
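The spambot traffic filtered in the screenshot above is recognisable by one pattern: a single internal host opening TCP connections to port 25 on many different mail servers in a short time. The following is an added example (not code from the original post or from the malware-traffic-analysis.net author) that reads a libpcap file and flags any source IP that sends SYN-only segments to tcp/25 on several distinct destinations. The capture is constructed in memory with a hypothetical infected host 10.7.29.101 and RFC 5737 documentation addresses as mail servers; it is not the pcap linked above, whose real IOCs are in the IOCs text file.

```python
"""Added example: flag spambot-style fan-out (many outbound SYNs to tcp/25)
in a libpcap capture. All hosts and addresses below are constructed."""
import struct
from collections import defaultdict

ETH_LEN, IPV4_MIN_LEN, TCP_MIN_LEN = 14, 20, 20
SYN, ACK = 0x02, 0x10


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_tcp_packet(src, dst, sport, dport, flags):
    """Ethernet/IPv4/TCP frame with zeroed checksums (enough for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_MIN_LEN + len(tcp), 0,
                     0x4000, 64, 6, 0, ip_bytes(src), ip_bytes(dst))
    return eth + ip + tcp


def build_pcap(packets):
    """Minimal little-endian libpcap file: global header + (record header, frame)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out


def iter_frames(pcap):
    """Yield raw link-layer frames from a libpcap byte string (either endianness)."""
    little = pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")
    endian = "<" if little else ">"
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < ETH_LEN + IPV4_MIN_LEN or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    if frame[ETH_LEN + 9] != 6 or len(frame) < ETH_LEN + ihl + TCP_MIN_LEN:
        return None
    src = ".".join(map(str, frame[ETH_LEN + 12:ETH_LEN + 16]))
    dst = ".".join(map(str, frame[ETH_LEN + 16:ETH_LEN + 20]))
    tcp = frame[ETH_LEN + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return src, dst, sport, dport, tcp[13]


def outbound_smtp_syns(pcap):
    """Map source IP -> sorted list of distinct hosts it sent SYN-only segments
    to on tcp/25. Replies (SYN/ACK) are excluded by the flag check."""
    fanout = defaultdict(set)
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, _, dport, flags = parsed
        if dport == 25 and flags & (SYN | ACK) == SYN:
            fanout[src].add(dst)
    return {src: sorted(d) for src, d in fanout.items()}


def spambot_candidates(pcap, min_targets=3):
    """Hosts fanning out to at least min_targets distinct mail servers."""
    return sorted(src for src, dsts in outbound_smtp_syns(pcap).items()
                  if len(dsts) >= min_targets)


# Constructed capture: 10.7.29.101 behaves like the infected host, 10.7.29.50
# is an ordinary client talking to one mail server.
SAMPLE_PCAP = build_pcap([
    build_tcp_packet("10.7.29.101", "192.0.2.10", 49152, 25, SYN),
    build_tcp_packet("192.0.2.10", "10.7.29.101", 25, 49152, SYN | ACK),
    build_tcp_packet("10.7.29.101", "192.0.2.11", 49153, 25, SYN),
    build_tcp_packet("10.7.29.101", "198.51.100.5", 49154, 25, SYN),
    build_tcp_packet("10.7.29.101", "203.0.113.7", 49155, 25, SYN),
    build_tcp_packet("10.7.29.101", "203.0.113.9", 49156, 443, SYN),  # unrelated HTTPS
    build_tcp_packet("10.7.29.50", "192.0.2.10", 50000, 25, SYN),
])

if __name__ == "__main__":
    for host, targets in outbound_smtp_syns(SAMPLE_PCAP).items():
        print(host, "->", len(targets), "mail servers")
    print("spambot candidates:", spambot_candidates(SAMPLE_PCAP))
```

The equivalent Wireshark display filter for the same view is `tcp.flags.syn == 1 && tcp.flags.ack == 0 && tcp.dstport == 25`; the script adds the per-source fan-out count, which is what separates a spambot from a workstation that simply submits mail. A threshold of three distinct servers is an assumption for the constructed data; on a real capture, tune it against the number of legitimate outbound SMTP destinations on that network.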