2021-04-16 (FRIDAY) - TA551 (SHATHAK) GERMAN-TEMPLATE WORD DOCS PUSH URSNIF (GOZI/ISFB)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2021-04-16-TA551-IOCs-for-Ursnif.txt.zip   4.9 kB   (4,936 bytes)
• 2021-04-16-TA551-malspam-2-examples.zip   306 kB   (306,207 bytes)
• 2021-04-16-TA551-Word-docs-62-examples.zip   8.7 MB   (8,652,323 bytes)
• 2021-04-16-TA551-installer-DLL-and-HTA-files.zip   3.9 MB   (3,949,106 bytes)
• 2021-04-16-Ursnif-related-files-from-an-infected-host.zip   2.3 MB   (2,288,367 bytes)
• 2021-04-16-TA551-Ursnif-traffic.pcap.zip   2.8 MB   (2,785,050 bytes)

NOTES:

• Starting this week, the TA551 (Shathak) campaign switched to German-language templates for their Word docs and targeted German-speaking victims.
• TA551 was active earlier this week on Tuesday 2021-04-13 and Wednesday 2021-04-14, also targeting German-speaking victims.

 

Click here to return to the main page.