URSNIF Data Theft Malware Shared on Microsoft OneDrive
Tags
country: United States Of America
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 0def855f-2977-417e-988b-e7b231377daa
Fingerprint ac17abda88a22afb
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 2, 2016, 5:40 p.m.
Added to db Jan. 18, 2023, 11:31 p.m.
Last updated Nov. 18, 2024, 2:36 a.m.
Headline URSNIF Data Theft Malware Shared on Microsoft OneDrive
Title URSNIF Data Theft Malware Shared on Microsoft OneDrive
Detected Hints/Tags/Attributes 42/2/22
Source URLs
Redirection Url
Details Source https://www.netskope.com/blog/ursnif-data-theft-malware-shared-on-microsoft-onedrive/
URL Provider
Details Provider Source level domain
Details netskope.com www.netskope.com
Attributes
Details Type #Events CTI Value
Details Domain 13 
hybrid-analysis.com
Details Domain 38 
wtfismyip.com
Details Domain 1 
aagheresherecliallow.me
Details Domain 1 
usallowalclientallow.me
Details Domain 1 
z1.zedo.com
Details File 1 
aeevuser.exe
Details File 1260 
explorer.exe
Details File 71 
nss3.dll
Details File 25 
nspr4.dll
Details File 130 
ws2_32.dll
Details File 18 
chrome.dll
Details File 146 
wininet.dll
Details File 1 
e8e4.bin
Details File 259 
robots.txt
Details File 1 
bnsjqhq.bmp
Details File 1 
z.gif
Details md5 1 
d92f138fdc7217ef4793c6373ed16b8a
Details md5 1 
492ea0e9d246e0af878a0ea215e15744
Details md5 1 
B40cffd21b6c2297dc8552c44f04fccd
Details md5 1 
51f303a577b47bc12fe019190dac1383
Details IPv4 1 
91.213.126.113
Details Url 2 
https://wtfismyip.com