Ursnif (3e501609-87e4-4c47-bd88-5054be0f1037)

Ursnif is a banking trojan and variant of the Gozi malware observed being spread through various automated exploit kits, Spearphishing Attachments, and malicious links.[NJCCIC Ursnif Sept 2016][ProofPoint Ursnif Aug 2016] Ursnif is associated primarily with data theft, but variants also include components (backdoors, spyware, file injectors, etc.) capable of a wide variety of behaviors.[TrendMicro Ursnif Mar 2015]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Royal Ransomware Actors (86b97a39-49c3-431e-bcc8-f4e13dbfcdf5) | Tidal Groups | Ursnif (3e501609-87e4-4c47-bd88-5054be0f1037) | Tidal Software | 1 |
| TA577 (28f3dbcc-b248-442f-9ff3-234210bb2f2a) | Tidal Groups | Ursnif (3e501609-87e4-4c47-bd88-5054be0f1037) | Tidal Software | 1 |
| Ursnif (3e501609-87e4-4c47-bd88-5054be0f1037) | Tidal Software | TA551 (8951bff3-c444-4374-8a9e-b2115d9125b2) | Tidal Groups | 1 |