2020-01-24 - ITALIAN MALSPAM PUSHES URSNIF
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2020-01-24-Ursnif-IOCs.txt.zip 1.7 kB (1,721 bytes)
- 2020-01-24-Ursnif-IOCs.txt (3,223 bytes)
- 2020-01-24-Ursnif-malspam-4-email-examples.zip 278 kB (277,852 bytes)
- 2020-01-24-Ursnif-malspam-example-1-of-4-0706-UTC.eml (204,882 bytes)
- 2020-01-24-Ursnif-malspam-example-2-of-4-0750-UTC.eml (95,532 bytes)
- 2020-01-24-Ursnif-malspam-example-3-of-4-0827-UTC.eml (92,097 bytes)
- 2020-01-24-Ursnif-malspam-example-4-of-4-0919-UTC.eml (89,903 bytes)
- 2020-01-24-Ursnif-infection-traffic.pcap.zip 633 kB (632,686 bytes)
- 2020-01-24-Ursnif-infection-traffic.pcap (958,317 bytes)
- 2020-01-24-Ursnif-malware-and-artifacts.zip 652 kB (652,200 bytes)
- 2020-01-24-Ursnif-DLL-retrieved-using-XSL-file-example-4-of-4.bin (279,552 bytes)
- 2020-01-24-XSL-file-dropped-after-enabling-macros-on-Word-doc-example-4-of-4.txt (3,740 bytes)
- 2020-01-24-extracted-Word-doc-with-macro-for-Ursnif-example-1-of-4.doc (67,329 bytes)
- 2020-01-24-extracted-Word-doc-with-macro-for-Ursnif-example-2-of-4.doc (67,240 bytes)
- 2020-01-24-extracted-Word-doc-with-macro-for-Ursnif-example-3-of-4.doc (67,331 bytes)
- 2020-01-24-extracted-Word-doc-with-macro-for-Ursnif-example-4-of-4.doc (67,331 bytes)
- 2020-01-24-password-protected-zip-archive-with-Word-doc-for-Ursnif-example-1-of-4-password-111.zip (60,667 bytes)
- 2020-01-24-password-protected-zip-archive-with-Word-doc-for-Ursnif-example-2-of-4-password-222.zip (60,573 bytes)
- 2020-01-24-password-protected-zip-archive-with-Word-doc-for-Ursnif-example-3-of-4-password-111.zip (60,668 bytes)
- 2020-01-24-password-protected-zip-archive-with-Word-doc-for-Ursnif-example-4-of-4-password-111.zip (60,668 bytes)
IMAGES
Shown above: Traffic from an infection filtered in Wireshark.
Click here to return to the main page.