Wireshark Tutorial: Examining Ursnif Infections

Ursnif is banking malware, also known as Gozi or ISFB. The Ursnif family has been active for years, and current samples generate distinct, recognizable traffic patterns.

This tutorial reviews packet captures (pcaps) of Ursnif infection traffic using Wireshark. Recognizing these traffic patterns is critical for security professionals detecting and investigating Ursnif infections.

This tutorial covers the following:

  • Ursnif distribution methods
  • Categories of Ursnif traffic
  • Five examples of pcaps from Ursnif infections

Source: Palo Alto