Battle Against Ursnif Malspam Campaign targeting Japan
Common Information
Type Value
UUID 82b8dc5f-f1fd-4ff2-89df-55b1dac14642
Fingerprint d037c9731fa8216dea9d448b19e3bb791e8d3955ac21bfe1231bbd9d0e61e375
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 15, 2020, 1:22 p.m.
Added to db March 12, 2024, 7:37 p.m.
Last updated Aug. 31, 2024, 4:39 a.m.
Headline Battle Against Ursnif Malspam Campaign targeting Japan
Title Battle Against Ursnif Malspam Campaign targeting Japan
Detected Hints/Tags/Attributes 105/3/28
Attributes
Details Type #Events CTI Value
Details Domain 26
www.lac.co.jp
Details Domain 11
dnspod.com
Details Domain 3
benkow.cc
Details Domain 622
en.wikipedia.org
Details File 2
20170523_001291.html
Details File 1260
explorer.exe
Details File 2
dreambotsas19.pdf
Details Url 2
https://www.lac.co.jp/lacwatch/people/20170523_001291.html
Details Url 2
https://www.proofpoint.com/us/threat-insight/post/sandiflux-another-fast-flux-infrastructure-used-malware-distribution-emerges
Details Url 2
http://benkow.cc/dreambotsas19.pdf
Details Url 2
https://en.wikipedia.org/wiki/active_defense
Details Url 2
https://docs.google.com/spreadsheets/d/1udclsbnuzoi2nrpnviwsl3iudalajkhpuoakgpvsu6i/edit?usp=sharing