バンキングマルウェア「URSNIF」 解析レポート
Common Information
| Type | Value |
|---|---|
| UUID | c2de107e-25cc-416d-95d4-2f28f1890e2a |
| Fingerprint | 68e000929c2c3082591443f3d62164fceff618456c4c8a390f10f5c35327aaec |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 26, 2016, 7:02 p.m. |
| Added to db | March 11, 2024, 7:53 p.m. |
| Last updated | Aug. 31, 2024, 3:50 a.m. |
| Headline | バンキングマルウェア「URSNIF」 解析レポート |
| Title | バンキングマルウェア「URSNIF」 解析レポート |
| Detected Hints/Tags/Attributes | 41/2/43 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://jp.security.ntt/resources/URSNIF.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | www.sy |
|
| Details | Domain | 1 | mantec.com |
|
| Details | Domain | 15 | www.npa.go.jp |
|
| Details | Domain | 3 | www.jc3.or.jp |
|
| Details | Domain | 18 | blog.trendmicro.co.jp |
|
| Details | Domain | 1 | threatgeek.com |
|
| Details | Domain | 57 | www.owasp.org |
|
| Details | File | 1 | the_state_of_financial_trojans_2013.pdf |
|
| Details | File | 1 | 111215_1.pdf |
|
| Details | File | 1 | h280303_banking.pdf |
|
| Details | File | 1 | gozi.html |
|
| Details | File | 1 | panel_c.exe |
|
| Details | File | 1 | ロセスインジェクションされたpanel_c.exe |
|
| Details | File | 1 | api-pnet.exe |
|
| Details | File | 1 | 第1引数にapi-pnet.exe |
|
| Details | File | 1 | を引数としてapi-pnet.exe |
|
| Details | File | 1 | スが起動している場合にはapi-pnet.exe |
|
| Details | File | 1 | 終了するまでapi-pnet.exe |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 56 | iexplorer.exe |
|
| Details | File | 1 | コードインジェクションされたexplorer.exe |
|
| Details | File | 1 | にapi_pnet.exe |
|
| Details | File | 1 | new-ursnif-variant-targeting-italy-and-us.html |
|
| Details | File | 1206 | index.php |
|
| Details | File | 1122 | svchost.exe |
|
| Details | md5 | 1 | ca5e4c6c93b29caf70471b5737f91d7c |
|
| Details | md5 | 1 | 5c92b8e619d31a07bd68777c7cd3a7cc |
|
| Details | md5 | 1 | 94bcc117f87979cf2e4b4ea6bc8f3e2a |
|
| Details | md5 | 1 | fbcf05d8b9b06f3593497f2437ccf71d |
|
| Details | md5 | 1 | cd862b423b01c908ad9a7a6a479ed642 |
|
| Details | md5 | 1 | ab2dd02be6f450929dd6cecd9ab00708 |
|
| Details | md5 | 1 | ead9bf15c9cd3f5529a315b5fb15bd9d |
|
| Details | md5 | 1 | 8d3b4da716344ce57f28ab5210e82bfc |
|
| Details | md5 | 2 | 4df3ce5c9a83829c0f81ee1e3121c6ea |
|
| Details | md5 | 1 | 02a21634b654846fa8bfb831b1edaf46 |
|
| Details | md5 | 1 | be6e523e7940b4810395bab095deab89 |
|
| Details | Url | 1 | http://www.sy |
|
| Details | Url | 1 | https://www.npa.go.jp/cyber/warning/h23/111215_1.pdf |
|
| Details | Url | 1 | https://www.npa.go.jp/cyber/pdf/h280303_banking.pdf |
|
| Details | Url | 1 | https://www.jc3.or.jp/topics/gozi.html |
|
| Details | Url | 1 | http://blog.trendmicro.co.jp/archives/13471 |
|
| Details | Url | 1 | https://www.owasp.org/index.php/man-in-the-browser_attack |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\R |