Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. — Silent Push Threat Intelligence
Common Information
Type Value
UUID 39a614ec-aca1-4c1c-acc2-851597575400
Fingerprint 9093df9b95f33a9
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 19, 2024, midnight
Added to db Nov. 6, 2023, 8:05 p.m.
Last updated Dec. 9, 2024, 3:54 p.m.
Headline Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users.
Title Silent Push uncovers a large Russian Ursnif/Gozi banking trojan operation targeting global AnyDesk users. — Silent Push Threat Intelligence
Detected Hints/Tags/Attributes 38/4/17
Attributes
Details Type #Events CTI Value
Details Domain 1
anydesk-access.com
Details Domain 10
anydesk.com
Details Domain 1
golunki.com
Details Domain 1
4zuki.com
Details Domain 3
reggy505.ru
Details Domain 5
gameindikdowd.ru
Details Domain 5
jhgfdlkjhaoiu.su
Details Domain 376
wscript.shell
Details Domain 4
silentpush.com
Details Domain 5
iujdhsndjfks.ru
Details File 39
anydesk.exe
Details File 37
c:\windows\system32\mshta.exe
Details md5 1
f04469b9a67701e9da38b1d86a10546e
Details sha256 1
61e2f9029baf7ce21d8de2eddea55405f20ed5db26ecbdaea42404ca28a08d7c
Details IPv4 3
94.198.54.97
Details Windows Registry Key 1
HKCU\Software\AppDataLow\Software\Microsoft\CE576D4B-D57C-3028-CFE2-D96473361DD8\StopTest
Details Windows Registry Key 1
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES