Emerging Threats
Malware · 2023, 2019
Ursnif
4 Rules
5 References
2 Folders
2025-10-22 Latest
Summary
Ursnif is tracked here as a malware family or toolset with 4 Sigma detections spanning 2023 and 2019. Coverage centers on proxy, windows / process_creation, and windows / registry_add.
Related Detections
Emerging Threat · high · test
Potential Ursnif Malware Activity - Registry
Detects registry keys related to Ursnif malware.
Windows · Registry Add
TA0003 · Persistence, TA0005 · Stealth, TA0002 · Execution, T1112 · Modify Registry, +1
megan201296, Wed Feb 13 2019
Emerging Threat · high · test
Ursnif Redirection Of Discovery Commands
Detects the redirection of Ursnif discovery commands as part of the initial execution of the malware.
Windows · Process Creation
TA0002 · Execution, T1059 · Command and Scripting Interpreter, detection.emerging-threats
kostastsale, Sun Jul 16 2023
Emerging Threat · high · stable
Ursnif Malware Download URL Pattern
Detects download of Ursnif malware done by dropper documents.
Proxy Log
TA0011 · Command and Control, T1071.001 · Web Protocols, detection.emerging-threats
Thomas Patzke, Thu Dec 19 2019
Emerging Threat · critical · stable
Ursnif Malware C2 URL Pattern
Detects Ursnif C2 traffic.
Proxy Log
TA0001 · Initial Access, T1566.001 · Spearphishing Attachment, TA0002 · Execution, T1204.002 · Malicious File, +3
Thomas Patzke, Thu Dec 19 2019
References
blog.yoroi.company
blog.trendmicro.com
Internal Research
notebook.community
fortinet.com