Ongoing encrypted #Gozi/#Ursnif XLS documents with 0 VT hits for a #Medicare-targeted campaign.
This also has a very interesting SHA256, letting us know it's "BAD" before we even look at it!
Indicators
Date Observed | Indicator Type | Indicator |
---|---|---|
4/27/2020 | XLS Document | bad5df570284733e7fc74cfc5ace74bada4a0dc2a97f5d9f14b4a2acb4fc47d8 |
4/27/2020 | Domain Name | guiapocos.xyz |
4/27/2020 | IP Address | 91.211.246.148 AS61053 LT VPSNET-AS |