Contact Us Get Support

IQ-FA001: Ongoing Encrypted #Gozi/#Ursnif XLS Documents with 0 VT hits for a #Medicare targeted campaign

Posted on 2020-04-27 by William MacArthur

Ongoing Encrypted #Gozi/#Ursnif XLS Documents with 0 VT hits for a #Medicare targeted campaign.

This also has a very interesting Sha256 letting us know it's "BAD" before we even look at it!

Indicators

Date Observed Indicator Type Indicator
4/27/2020 XLS Document bad5df570284733e7fc74cfc5ace74bada4a0dc2a97f5d9f14b4a2acb4fc47d8
4/27/2020 Domain Name guiapocos.xyz
4/27/2020 IP Address 91.211.246.148 AS61053 LT VPSNET-AS
Tags

All Flash Alerts

Forward Arrow Icon
This website stores cookies on your computer. These cookies are used to improve the usability of this website and provide more personalized experience for you, both on this website and through other websites. To find out more, see our Privacy Policy.
Accept