2021-06-18 (FRIDAY) - TA551 (SHATHAK) ENGLISH-TEMPLATE WORD DOCS PUSH GOZI/ISFB/URSNIF
ASSOCIATED FILES:
- 2021-06-18-TA551-IOCs-for-Gozi-ISFB-Urnsif.txt.zip 4.0 kB (4,038 bytes)
- 2021-06-18-TA551-malspam-2-examples.zip 106 kB (105,870 bytes)
- 2021-06-18-TA551-Gozi-ISFB-Ursnif-infection-traffic.pcap.zip 8.2 MB (8,214,662 bytes)
- 2021-06-18-TA551-Gozi-ISFB-Ursnif-malware.zip 3.8 MB (3,755,858 bytes)
NOTES:
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
- As recently as Tuesday 2021-06-08, TA551 (Shathak) was pushing IcedID (Bokbot) using English-template Word docs.
- However, since Thursday 2021-06-10, TA551 has been pushing Gozi/ISFB/Ursnif using the same type of English-template Word docs. I have not seen IcedID from TA551 since then.
IMAGES
Shown above: Traffic from an infection filtered in Wireshark.