2021-04-28 (WEDNESDAY) - TA551 (SHATHAK) PUSHES URSNIF (GOZI/ISFB)
- 2021-04-28-TA551-Ursnif-IOCs.txt.zip 1.3 kB (1,274 bytes)
- 2021-04-28-TA551-Ursnif-infection-traffic.pcap.zip 862 kB (862,434 bytes)
- 2021-04-28-TA551-Ursnif-malware.zip 446 kB (445,937 bytes)
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Shown above: Word doc extracted from password-protected zip archive.
Shown above: Artifact seen after enabling macros on the Word doc.
Shown above: Traffic from the infection filtered in Wireshark.