2021-05-14 (FRIDAY) - EMAIL ATTACHMENT FROM 10 DAYS AGO STILL PUSHING URSNIF (GOZI/ISFB)
- 2021-05-14-Ursnif-traffic-and-malware-and-IOCs.zip 1.1 MB (1,042,347 bytes)
- 2021-05-03-malspam-pushing-Ursnif.eml (134,798 bytes)
- 2021-05-14-IOCs-for-Ursnif-infection.txt (3,786 bytes)
- 2021-05-14-Ursnif-infection-traffic.pcap (821,237 bytes)
- I8m7XluZbbj10J53.xlsb (96,582 bytes)
- block.dll (312,832 bytes)
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Shown above: Screenshot of the malicious email with sensitive information removed.
Shown above: Excel file attached to malicious email.
Shown above: Traffic from the infection filtered in Wireshark.