Wireshark Tutorial: Examining Ursnif Infections
Tags
| attack-pattern: | Data Direct Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | 22c61576-9361-46e3-9c59-088bf2ed5398 |
| Fingerprint | a4377979e43adae7 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Dec. 23, 2019, 2 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 20, 2024, 5:43 a.m. |
| Headline | Wireshark Tutorial: Examining Ursnif Infections |
| Title | Wireshark Tutorial: Examining Ursnif Infections |
| Detected Hints/Tags/Attributes | 44/1/53 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | w8.wensa.at |
|
| Details | Domain | 1 | api2.casys.at |
|
| Details | Domain | 1 | h1.wensa.at |
|
| Details | Domain | 1 | foo.fulldin.at |
|
| Details | Domain | 1 | one.ahah100.at |
|
| Details | Domain | 1 | api.ahah100.at |
|
| Details | Domain | 1 | ghinatronx.com |
|
| Details | Domain | 1 | bjanicki.com |
|
| Details | Domain | 1 | prodrigo29lbkf20.com |
|
| Details | Domain | 5 | opendns.com |
|
| Details | Domain | 14 | dns.qry.name |
|
| Details | Domain | 35 | resolver1.opendns.com |
|
| Details | Domain | 35 | myip.opendns.com |
|
| Details | Domain | 1 | sinicaleer.com |
|
| Details | Domain | 709 | google.com |
|
| Details | Domain | 1 | ghdy656262oe.com |
|
| Details | Domain | 1183 | gmail.com |
|
| Details | Domain | 455 | www.google.com |
|
| Details | Domain | 1 | tnzf3380au.top |
|
| Details | Domain | 1 | xijamaalj.com |
|
| Details | Domain | 1 | vnt69tnjacynthe.com |
|
| Details | Domain | 1 | carresqautomotive.com |
|
| Details | Domain | 1 | oklogallem.com |
|
| Details | Domain | 1 | kh2714ldb.com |
|
| Details | Domain | 1 | s9971kbjjessie.com |
|
| Details | Domain | 1 | startuptshirt.my |
|
| Details | Domain | 1 | plledsaprell.byargt9wailen.voting |
|
| Details | Domain | 1 | ritalislum.com |
|
| Details | Domain | 1 | sopopf8.cab |
|
| Details | Domain | 1 | k55gaisi.com |
|
| Details | Domain | 1 | bon11ljgarry.com |
|
| Details | Domain | 1 | www.search-error.com |
|
| Details | Domain | 1 | leinwqoa.com |
|
| Details | Domain | 1 | n9maryjanef.com |
|
| Details | Domain | 1 | testedsolutionbe.com |
|
| Details | Domain | 88 | malware-traffic-analysis.net |
|
| Details | File | 1 | t64.dat |
|
| Details | File | 1 | s64.dat |
|
| Details | File | 1 | ndltman-dsamutb.spi |
|
| Details | File | 1 | zarref.php |
|
| Details | File | 1 | sopopf8.cab |
|
| Details | File | 1 | uaasdqweeeeqsd.rar |
|
| Details | IPv4 | 1 | 8.208.24.139 |
|
| Details | IPv4 | 27 | 208.67.222.222 |
|
| Details | IPv4 | 1 | 194.1.236.191 |
|
| Details | IPv4 | 1 | 94.140.114.6 |
|
| Details | IPv4 | 1 | 5.61.34.51 |
|
| Details | IPv4 | 1 | 185.118.165.109 |
|
| Details | IPv4 | 1 | 185.99.133.38 |
|
| Details | Url | 1 | http://api2.casys.at/jvassets/xi/t64.dat |
|
| Details | Url | 1 | http://one.ahah100.at/jvassets/o1/s64.dat |
|
| Details | Url | 1 | http://ritalislum.com/obedle/zarref.php?l=sopopf8.cab |
|
| Details | Url | 1 | https://testedsolutionbe.com/wp-content/plugins/apikey/uaasdqweeeeqsd.rar |