API tools faq
paste
ExecuteMalware

2021-07-29 Ursnif IOCs

ExecuteMalware
Jul 29th, 2021
15,246
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.10 KB | None | 0 0
raw download clone embed print report
  1. THREAT IDENTIFICATION: URSNIF (Gozi / ISFB)
  2.  
  3. SUBJECTS OBSERVED
  4. Subjects were from stolen existing email threads.
  5.  
  6. SENDERS OBSERVED
  7. [email protected]
  8. [email protected]
  9.  
  10. MALDOC DOWNLOAD URLS
  11. https://1drv.ms/u/s!AtBlemOC0Q1pd4CN8VJWYHnJBw0?e=ismUCc
  12. https://1drv.ms/u/s!AvM5mBtIMcgibvCR9VNK3nsXaO0?e=3wLGd5
  13.  
  14. https://onedrive.live.com/?authkey=%21APCR9VNK3nsXaO0&cid=22C831481B9839F3&id=22C831481B9839F3%21110&parId=22C831481B9839F3%21104&action=locate
  15.  
  16. https://onedrive.live.com/?authkey=%21AICN8VJWYHnJBw0&cid=690DD182637A65D0&id=690DD182637A65D0%21119&parId=690DD182637A65D0%21104&action=locate
  17.  
  18. ZIP FILE HASHES
  19. documentation_67198.zip
  20. 3cf67ced1a6f6949bd1e7b1f7a2b3a92
  21.  
  22. information_48447.zip
  23. a717b5ea2aa061688f1842c8afcb44c3
  24.  
  25. VBS FILE HASHES
  26. documentation_67198.vbs
  27. 7e4d4e318c85af75ce9bb40e83a3c051
  28.  
  29. information_48447.vbs
  30. 490181c69f494126eb586e622b93d5ed
  31.  
  32. URSNIF C2
  33. gtr.antoinfer.com
  34. app.bighomegl.at
  35.  
  36. SUPPORTING EVIDENCE
  37. https://twitter.com/ps66uk/status/1420875603851497477
  38. https://app.any.run/tasks/18a76498-793c-4c5d-a28c-835aab8739bb/
  39. https://tria.ge/210729-wvpcwx5t4s
  40.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!