2019-05-03 - QUICK POST: URSNIF INFECTIONS WITH DRIDEX OR NYMAIM

ASSOCIATED FILES:

• 2019-04-29-Word-docs-with-macro-for-Ursnif-all-named-info_04.29.doc.zip   (784,425 bytes)
• 2019-04-30-Word-docs-with-macro-for-Ursnif-all-named-info_04.30.doc.zip   (907,414 bytes)
• 2019-05-01-Word-docs-with-macro-for-Ursnif-all-named-info_05.01.doc.zip   (1,112,233 bytes)
• 2019-05-02-Word-docs-with-macro-for-Ursnif-all-named-info_05.02.doc.zip   (1,148,520 bytes)
• 2019-05-03-Word-docs-with-macro-for-Ursnif-all-named-info_05.03.doc.zip   (624,249 bytes)

• 2019-05-01-Ursnif-infection-with-Dridex.pcap.zip   (862,193 bytes)

• 2019-05-03-Ursnif-infection-with-Nymaim.pcap.zip   (8,317,054 bytes)
• 2019-05-03-Ursnif-and-Nymaim-malware-and-artifacts.zip   (5,669,865 bytes)

NOTES:

• This is a data dump for activity from malspam with attached Word docs that have macros for Ursnif.
• I most often see Dridex as the follow-up malware for Ursnif, but today (Friday) I saw Nymaim as the follow-up malware.
• I searched VirusTotal Intelligence for Word docs with macros for Ursnif this week, which I've included with this blog post.
• Zip archives are password-protected with a standard password.  If you don't know it, see the "about" page of this website.

 

Click here to return to the main page.