2020-03-31 - URSNIF (GOZI/ISFB) INFECTION
ASSOCIATED FILES:
- 2020-03-31-Ursnif-IOCs.txt.zip 1.4 kB (1,393 bytes)
- 2020-03-31-Ursnif-infection-traffic.pcap.zip 560 kB (559,599 bytes)
- 2020-03-31-Ursnif-malware.zip 2.0 MB (1,987,051 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES
Shown above: Downloading a password-protected zip archive from one of the links.
Shown above: Extracting the EXE from the password-protected zip archive.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: Registry updates after the initial infection.