Unwrapping Ursnifs Gifts - The DFIR Report
TLP:WHITE | Author: Domain Admin | Created: 2023-01-17 | Modified: 2023-02-16
The DFIR Report's write-up of an intrusion from late August 2022 in which an Ursnif infection led to the deployment of Cobalt Strike, detailing how the initial malware was delivered and how the intrusion then spread through the environment. Note that the URL and hostname entries for www.13cubed.com in the list below point at a public Impacket cheat-sheet PDF, almost certainly a reference cited by the report rather than attacker infrastructure; vet that entry (and any other auto-extracted indicator) before adding it to a blocklist.
Indicators of Compromise (72)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 60375d64a9a496e220b6eb1b63e899b3 MD5 of d1b2dd93026b83672118940df78a41e2ee02be80 2023-01-17
FileHash-SHA1 d1b2dd93026b83672118940df78a41e2ee02be80 2023-01-17
FileHash-SHA256 8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de SHA256 of d1b2dd93026b83672118940df78a41e2ee02be80 2023-01-17
FileHash-MD5 0c5862717f00f28473c39b9cba2953f4 2023-01-17
FileHash-MD5 3db94cf953886aeb630f1ae616a2ec25 MD5 of 743128253f1df9e0b8ee296cfec17e5fc614f98d 2023-01-17
FileHash-MD5 60ca7723edd4f3a0561ea9d3a42f82b4 MD5 of 87b699122dacf3235303a48c74fa2b7a75397c6b 2023-01-17
FileHash-MD5 6a4356bd2b70f7bd4a3a1f0e0bfec9a4 MD5 of 485a179756ff9586587f8728e173e7df83b1ffc3 2023-01-17
FileHash-MD5 6bb867e53c46aa55a3ae92e425c6df91 MD5 of 6d4f1a9658baccd2e406454b2ad40ca2353916ab 2023-01-17
FileHash-MD5 72a589da586844d7f0818ce684948eea 2023-01-17
FileHash-MD5 8ea6ad3b1acb9e7b2e64d08411af3c9a MD5 of 7c04c4567b77981d0d97d8c2eb4ebd1a24053f48 2023-01-17
FileHash-MD5 a1f634f177f73f112b5356b8ee04ad19 MD5 of 7c82b558a691834caf978621f288af0449400e03 2023-01-17
FileHash-MD5 c03f5e2bc4f2307f6ee68675d2026c82 MD5 of 4ce65da98f0fd0fc4372b97b3e6f8fbeec32deb3 2023-01-17
FileHash-MD5 c6b605a120e0d3f3cbd146bdbc358834 MD5 of 328afa8338d60202d55191912eea6151f80956d3 2023-01-17
FileHash-MD5 ce77f575cc4406b76c68475cb3693e14 2023-01-17
FileHash-MD5 d0432468fa4b7f66166c430e1334dbda MD5 of f72d978f4d1ca1c435b1164e7617464cc06a9381 2023-01-17
FileHash-MD5 d99cc31f3415a1337e57b8289ac5011e MD5 of f67ce90f66f6721c3eea30581334457d6da23aac 2023-01-17
FileHash-MD5 eb2335e887875619b24b9c48396d4d48 2023-01-17
FileHash-MD5 f176ba63b4d68e576b5ba345bec2c7b7 2023-01-17
FileHash-MD5 f7d85c971e9604cc6d2a2ffcac1ee4a3 MD5 of 67175143196c17f10776bdf5fbf832e50a646824 2023-01-17
FileHash-SHA1 017287804cae36c869f38a7f5671a7501e33178f 2023-01-17
FileHash-SHA1 0db8a8b54d54b52c139f9f7d5c261400d228f54b 2023-01-17
FileHash-SHA1 1f8e37351e7c5d89ce7808391edaef34bd8db6c0 2023-01-17
FileHash-SHA1 25832c23319fcfe92cde3d443cc731ac056a964a 2023-01-17
FileHash-SHA1 328afa8338d60202d55191912eea6151f80956d3 2023-01-17
FileHash-SHA1 485a179756ff9586587f8728e173e7df83b1ffc3 2023-01-17
FileHash-SHA1 4ce65da98f0fd0fc4372b97b3e6f8fbeec32deb3 2023-01-17
FileHash-SHA1 62347bcc80159f1e868a44c80759e85326875b79 2023-01-17
FileHash-SHA1 67175143196c17f10776bdf5fbf832e50a646824 2023-01-17
FileHash-SHA1 6d4f1a9658baccd2e406454b2ad40ca2353916ab 2023-01-17
FileHash-SHA1 743128253f1df9e0b8ee296cfec17e5fc614f98d 2023-01-17
FileHash-SHA1 7804decd2db84dd1d022801e782d84eca7ecff72 2023-01-17
FileHash-SHA1 7c04c4567b77981d0d97d8c2eb4ebd1a24053f48 2023-01-17
FileHash-SHA1 7c82b558a691834caf978621f288af0449400e03 2023-01-17
FileHash-SHA1 80fdc4712ae450cfa41a37a24ce0129eff469fb7 2023-01-17
FileHash-SHA1 83cd09b0f73c909bfc14883163a649e1d207df22 2023-01-17
FileHash-SHA1 87b699122dacf3235303a48c74fa2b7a75397c6b 2023-01-17
FileHash-SHA1 9bf023ceba17aab3d2595c03a8e2345aa08bb976 2023-01-17
FileHash-SHA1 a674ee246bd02271f5e46d00010320112c9df17c 2023-01-17
FileHash-SHA1 b5e783a6d5f2ea0a77f68fb646bfb1b2304e3996 2023-01-17
FileHash-SHA1 b658ab9ac2453cde5ca82be667040ac94bfcbe2e 2023-01-17
FileHash-SHA1 c253c57c627b6d8cbcfa06320a3ad1ba2b9dedd4 2023-01-17
FileHash-SHA1 f67ce90f66f6721c3eea30581334457d6da23aac 2023-01-17
FileHash-SHA1 f72d978f4d1ca1c435b1164e7617464cc06a9381 2023-01-17
FileHash-SHA1 fac67328275e58413f299ed4f69219ff40803d70 2023-01-17
FileHash-SHA256 16323b3e56a0cbbba742b8d0af8519f53a78c13f9b3473352fcce2d28660cb37 SHA256 of 328afa8338d60202d55191912eea6151f80956d3 2023-01-17
FileHash-SHA256 1cdbf7c8a45b753bb5c2ea1c9fb2e53377d07a3c84eb29a1b15cdc140837f654 SHA256 of 743128253f1df9e0b8ee296cfec17e5fc614f98d 2023-01-17
FileHash-SHA256 4aa4ee8efcf68441808d0055c26a24e5b8f32de89c6a7a0d9b742cce588213ed 2023-01-17
FileHash-SHA256 5b51bd2518ad4b9353898ed329f1b2b60f72142f90cd7e37ee42579ee1b645be SHA256 of 6d4f1a9658baccd2e406454b2ad40ca2353916ab 2023-01-17
FileHash-SHA256 6a9b7c289d7338760dd38d42a9e61d155ae906c14e80a1fed2ec62a4327a4f71 SHA256 of 4ce65da98f0fd0fc4372b97b3e6f8fbeec32deb3 2023-01-17
FileHash-SHA256 6c5338d84c208b37a4ec5e13baf6e1906bd9669e18006530bf541e1d466ba819 SHA256 of 485a179756ff9586587f8728e173e7df83b1ffc3 2023-01-17
FileHash-SHA256 7d99c80a1249a1ec9af0f3047c855778b06ea57e11943a271071985afe09e6c2 SHA256 of f72d978f4d1ca1c435b1164e7617464cc06a9381 2023-01-17
FileHash-SHA256 7ebd70819a79be55d4c92c66e74e90e3309ec977934920aee22cd8d922808c9d 2023-01-17
FileHash-SHA256 b94810947c33a0a0dcd79743a8db049b8e45e73ca25c9bfbf4bfed364715791b SHA256 of f67ce90f66f6721c3eea30581334457d6da23aac 2023-01-17
FileHash-SHA256 bbcceb987c01024d596c28712e429571f5758f67ba12ccfcae197aadb8ab8051 SHA256 of 87b699122dacf3235303a48c74fa2b7a75397c6b 2023-01-17
FileHash-SHA256 c77ea4ad228ecad750fb7d4404adc06d7a28dbb6a5e0cf1448c694d692598f4f SHA256 of 7c82b558a691834caf978621f288af0449400e03 2023-01-17
FileHash-SHA256 dfdfd0a339fe03549b2475811b106866d035954e9bc002f20b0f69e0f986838f SHA256 of 7c04c4567b77981d0d97d8c2eb4ebd1a24053f48 2023-01-17
FileHash-SHA256 e999890ce5eb5b456563650145308ae837d940e38aec50d2f02670671d472b99 SHA256 of 67175143196c17f10776bdf5fbf832e50a646824 2023-01-17
SSLCertFingerprint 6e:ce:5e:ce:41:92:68:3d:2d:84:e2:5b:0b:a7:e0:4f:9c:b7:eb:7c 2023-01-17
URL http://193.201.9.199:443 2023-01-17
URL https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet_poster.pdf a9ab2744712bf0cc25d6550462f492f44fa51f95c3d362bd6f1b69db1bed6b54 2023-01-17
domain denterdrigx.com 2023-01-17
domain digserchx.at 2023-01-17
domain internetlined.com 2023-01-17
domain internetlines.in 2023-01-17
domain medialists.ru 2023-01-17
domain medialists.su 2023-01-17
domain mediawagi.info 2023-01-17
domain mediawagi.ru 2023-01-17
domain superliner.top 2023-01-17
domain superlinez.top 2023-01-17
domain superstarts.top 2023-01-17
hostname www.13cubed.com 2023-01-17
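As an added example (not part of this pulse, of OTX, or of The DFIR Report's own tooling), the following Python parses indicator rows in the line format used above into typed, normalised sets and runs them against a few records of the kind a SOC would pull from DNS, proxy, EDR and TLS telemetry. The pulse excerpt and the telemetry records embedded in the block are constructed for the example; the `allowlist` parameter is an assumption showing how a vetted-benign indicator such as www.13cubed.com is excluded from alerting without being deleted from the feed. Hash rows whose length or charset disagrees with the declared algorithm are dropped rather than guessed, and a domain indicator matches any subdomain of it.

```python
"""Parse an OTX-style IOC list (TYPE INDICATOR [DESCRIPTION] CREATED, one per line)
and match the indicators against DNS, proxy, file-hash and TLS-certificate records."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed excerpt in the pulse's own row format; the last row is deliberately malformed.
SAMPLE_PULSE = """\
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 60375d64a9a496e220b6eb1b63e899b3 MD5 of d1b2dd93026b83672118940df78a41e2ee02be80 2023-01-17
FileHash-SHA256 8e570e32acb99abfd0daf62cff13a09eb694ebfa633a365d224aefc6449f97de SHA256 of d1b2dd93026b83672118940df78a41e2ee02be80 2023-01-17
SSLCertFingerprint 6e:ce:5e:ce:41:92:68:3d:2d:84:e2:5b:0b:a7:e0:4f:9c:b7:eb:7c 2023-01-17
URL http://193.201.9.199:443 2023-01-17
domain superliner.top 2023-01-17
domain medialists.ru 2023-01-17
hostname www.13cubed.com 2023-01-17
FileHash-MD5 not_a_hash 2023-01-17
"""

HASH_LEN = {32: "FileHash-MD5", 40: "FileHash-SHA1", 64: "FileHash-SHA256"}
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def parse_iocs(text):
    """Return {indicator_type: set(normalised_value)}; malformed rows are skipped."""
    iocs = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not DATE_RE.fullmatch(parts[-1]):
            continue  # header line, blank line, or a row without a CREATED date
        kind, value = parts[0], parts[1]
        if kind.startswith("FileHash-"):
            value = value.lower()
            # Length and charset must agree with the algorithm the row claims.
            if HASH_LEN.get(len(value)) != kind or not re.fullmatch(r"[0-9a-f]+", value):
                continue
        elif kind == "SSLCertFingerprint":
            value = value.replace(":", "").lower()  # colon-separated and bare forms compare equal
        elif kind in ("domain", "hostname"):
            value = value.lower().rstrip(".")       # FQDN trailing dot and case are irrelevant
        iocs[kind].add(value)
    return iocs


def match_name(iocs, name):
    """Exact hostname hit, or domain hit on the name itself or any parent label (not the bare TLD)."""
    name = name.lower().rstrip(".")
    if name in iocs["hostname"]:
        return ("hostname", name)
    labels = name.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs["domain"]:
            return ("domain", candidate)
    return None


def match_url(iocs, url):
    """Full-URL hit, then scheme://host:port hit (the pulse lists bare endpoints), then the host."""
    if url in iocs["URL"]:
        return ("URL", url)
    parts = urlsplit(url)
    endpoint = f"{parts.scheme}://{parts.netloc}"
    if endpoint in iocs["URL"]:
        return ("URL", endpoint)
    return match_name(iocs, parts.hostname or "")


def match_hash(iocs, digest):
    """Pick the hash family from the digest length so callers need not know the algorithm."""
    digest = digest.lower()
    kind = HASH_LEN.get(len(digest))
    if kind and digest in iocs[kind]:
        return (kind, digest)
    return None


def match_cert(iocs, fingerprint):
    fp = fingerprint.replace(":", "").lower()
    return ("SSLCertFingerprint", fp) if fp in iocs["SSLCertFingerprint"] else None


MATCHERS = {"dns": match_name, "proxy": match_url, "edr": match_hash, "tls": match_cert}

# Constructed telemetry records: (source, observed value).
SAMPLE_EVENTS = [
    ("dns", "cdn.superliner.top"),
    ("dns", "login.microsoftonline.com"),
    ("proxy", "http://193.201.9.199:443/stream"),
    ("proxy", "https://www.13cubed.com/downloads/impacket_exec_commands_cheat_sheet_poster.pdf"),
    ("edr", "8E570E32ACB99ABFD0DAF62CFF13A09EB694EBFA633A365D224AEFC6449F97DE"),
    ("tls", "6E:CE:5E:CE:41:92:68:3D:2D:84:E2:5B:0B:A7:E0:4F:9C:B7:EB:7C"),
]


def scan(iocs, events, allowlist=frozenset()):
    """Return (source, observed, ioc_type, ioc) for every hit whose indicator is not allowlisted."""
    hits = []
    for source, observed in events:
        hit = MATCHERS[source](iocs, observed)
        if hit and hit[1] not in allowlist:
            hits.append((source, observed, *hit))
    return hits


if __name__ == "__main__":
    feed = parse_iocs(SAMPLE_PULSE)
    for hit in scan(feed, SAMPLE_EVENTS, allowlist={"www.13cubed.com"}):
        print(hit)
```

Matching is done against normalised values, so a feed row written in upper case or with a trailing dot and a log line written the other way still meet; the matcher never rewrites the feed itself, which keeps the published indicator intact for audit.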