2020-03-31 - URSNIF (GOZI/IFSB) INFECTION

ASSOCIATED FILES:

• 2020-03-31-Ursnif-IOCs.txt.zip   1.4 kB (1,393 bytes)
• 2020-03-31-Ursnif-infection-traffic.pcap.zip   560 kB (559,599 bytes)
• 2020-03-31-Ursnif-malware.zip   2.0 MB (1,987,051 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

IMAGES

Shown above:  Downloading a password-protected zip archive from one of the links.

 

Shown above:  Extracting the EXE from the password-protected zip archive.

 

Shown above:  Traffic from the infection filtered in Wireshark.

 

Shown above:  Registry updates after the initial infection.

 

Click here to return to the main page.