Malware-Traffic-Analysis.net - 2019-10-17 - Data dump: Ursnif infection traffic from Italian malspam

2019-10-17 - DATA DUMP: URSNIF INFECTION TRAFFIC FROM ITALIAN MALSPAM

ASSOCIATED FILES:

2019-10-17-Ursnif-IOCs.txt.zip 1.3 kB (1,271 bytes)

2019-10-17-Ursnif-IOCs.txt (2,558 bytes)

2019-10-17-Ursnif-infection-from-Italian-malspam.pcap.zip 2.3 MB (2,260,847 bytes)

2019-10-17-Ursnif-infection-from-Italian-malspam.pcap (4,801,007 bytes)

2019-10-17-malware-and-artifacts-from-Ursnif-infection.zip 3.8 MB (3,808,542 bytes)

2019-10-17-Word-doc-with-macro-for-Ursnif.doc (78,848 bytes)

2019-10-17-initial-Ursnif-binary.exe (3,715,072 bytes)

2019-10-17-javascript-dropped-by-macro-from-Word-doc.txt (1,454 bytes)

2019-10-17-Windows-registry-updates-from-Ursnif.txt (10,579,864 bytes)

NOTES:

Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.

IMAGES

Shown above: Searching for malspam pushing today's Ursnif in VirusTotal.

Shown above: Still the same "777" password for zip archives attached to this malspam.

Shown above: Traffic from a santized pcap of the infection traffic.

Click here to return to the main page.