S0386 - Ursnif

Threat Intelligence Feed

Feed ID: CA-k9IkBYAdeK0KLMzMm

Ursnif is a banking trojan and variant of the Gozi malware observed being spread through various automated exploit kits, Spearphishing Attachments, and malicious links. Ursnif is associated primarily with data theft, but variants also include components (backdoors, spyware, file injectors, etc.) capable of a wide variety of behaviors.


Select the way you want to use this feed:


Download Feed

Download this Threat Intelligence feed directly or through code:

  • Several different formats (Simple IoC lists or full context JSON)
  • Code snippets available on how to download it in different programming languages.


    • Integrate Feed

    Automate your Security Operations by integrating this feed data real time into your Security Stack:

  • Onboard Maltiverse Feeds on security devices (SIEM, SOAR, Firewalls, etc)
  • Create your own feed and deploy new IoCs insantly across you security devices.


    • Feed composition

    Feed composition by type

    IP Address Hostname URL Sample Total

    Feed ingestion over time ()

    Feed composition by type

    results found for: “classification:malicious AND blacklist.external_references.external_id:"S0386"”