Ursnif is a banking trojan and a variant of the Gozi malware that has been observed spreading through various automated exploit kits, spearphishing attachments, and malicious links. Ursnif is associated primarily with data theft, but variants also include components (backdoors, spyware, file injectors, etc.) capable of a wide variety of behaviors.
IOC Details:
Malware Sample : https://github.com/netwrkspider/malwareSample/blob/master/25-feb-ursnif_malware_sample_zeroDay.zip
Password : infected