Sitemap

A list of all the posts and pages found on the site. For you robots out there, there is an XML version available for digesting as well.

Pages

Posts

Ursnif New Variant Latest Attack Activity Analysis Report

3 minute read

Published:

1. Overview

Recently, Antiy CERT captured a Ursnif banking Trojan attack activity during network monitoring. This attack activity delivered an initial payload in the form of an email containing a malicious macro document. The content of the email was a payment reminder written in Italian. After the macro code in the document was run, it would access a remote server to download and load a malicious dll (downloader). After the dll was loaded, it would collect information about the victim’s host and send it back to the attacker’s server, while receiving the data of subsequent modules in the response data. As of the time of analysis, the server had become invalid, and it was temporarily impossible to know the detailed functions of the subsequent modules.

publications

Publications

Published in , 2024

This paper is about the number 1. The number 2 is left for future work.