2019-10-17 - DATA DUMP: URSNIF INFECTION TRAFFIC FROM ITALIAN MALSPAM
ASSOCIATED FILES:
- 2019-10-17-Ursnif-IOCs.txt.zip 1.3 kB (1,271 bytes)
  - 2019-10-17-Ursnif-IOCs.txt (2,558 bytes)
- 2019-10-17-Ursnif-infection-from-Italian-malspam.pcap.zip 2.3 MB (2,260,847 bytes)
  - 2019-10-17-Ursnif-infection-from-Italian-malspam.pcap (4,801,007 bytes)
- 2019-10-17-malware-and-artifacts-from-Ursnif-infection.zip 3.8 MB (3,808,542 bytes)
  - 2019-10-17-Word-doc-with-macro-for-Ursnif.doc (78,848 bytes)
  - 2019-10-17-initial-Ursnif-binary.exe (3,715,072 bytes)
  - 2019-10-17-javascript-dropped-by-macro-from-Word-doc.txt (1,454 bytes)
  - 2019-10-17-Windows-registry-updates-from-Ursnif.txt (10,579,864 bytes)
NOTES:
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES
Shown above: Searching for malspam pushing today's Ursnif in VirusTotal.
Shown above: Still the same "777" password for zip archives attached to this malspam.
Shown above: Traffic from a sanitized pcap of the infection traffic.