2019-10-17 - DATA DUMP: URSNIF INFECTION TRAFFIC FROM ITALIAN MALSPAM

ASSOCIATED FILES:

  • 2019-10-17-Ursnif-IOCs.txt   (2,558 bytes)
  • 2019-10-17-Ursnif-infection-from-Italian-malspam.pcap   (4,801,007 bytes)
  • 2019-10-17-Word-doc-with-macro-for-Ursnif.doc   (78,848 bytes)
  • 2019-10-17-initial-Ursnif-binary.exe   (3,715,072 bytes)
  • 2019-10-17-javascript-dropped-by-macro-from-Word-doc.txt   (1,454 bytes)
  • 2019-10-17-Windows-registry-updates-from-Ursnif.txt   (10,579,864 bytes)

NOTES:

 

IMAGES


Shown above:  Searching for malspam pushing today's Ursnif in VirusTotal.

 


Shown above:  Still the same "777" password for zip archives attached to this malspam.

 


Shown above:  Traffic from a santized pcap of the infection traffic.

 

Click here to return to the main page.