2019-05-03 - QUICK POST: URSNIF INFECTIONS WITH DRIDEX OR NYMAIM
ASSOCIATED FILES:
- 2019-04-29-Word-docs-with-macro-for-Ursnif-all-named-info_04.29.doc.zip (784,425 bytes)
- 2019-04-30-Word-docs-with-macro-for-Ursnif-all-named-info_04.30.doc.zip (907,414 bytes)
- 2019-05-01-Word-docs-with-macro-for-Ursnif-all-named-info_05.01.doc.zip (1,112,233 bytes)
- 2019-05-02-Word-docs-with-macro-for-Ursnif-all-named-info_05.02.doc.zip (1,148,520 bytes)
- 2019-05-03-Word-docs-with-macro-for-Ursnif-all-named-info_05.03.doc.zip (624,249 bytes)
- 2019-05-01-Ursnif-infection-with-Dridex.pcap.zip (862,193 bytes)
- 2019-05-03-Ursnif-infection-with-Nymaim.pcap.zip (8,317,054 bytes)
- 2019-05-03-Ursnif-and-Nymaim-malware-and-artifacts.zip (5,669,865 bytes)
NOTES:
- This is a data dump for activity from malspam with attached Word docs that have macros for Ursnif.
- I most often see Dridex as the follow-up malware for Ursnif, but today (Friday) I saw Nymaim as the follow-up malware.
- I searched VirusTotal Intelligence for Word docs with macros for Ursnif this week, which I've included with this blog post.
- Zip archives are password-protected with a standard password. If you don't know it, see the "about" page of this website.