Security Articles

Unwrapping Ursnifs Gifts

released on 2023-01-09 @ 10:37:54 AM
Last August, a group of researchers investigated an incident involving Ursnif malware that resulted in Cobalt Strike being deployed. The threat actors then moved laterally throughout the environment using an admin account. The Ursnif malware family (also commonly referred to as Gozi or ISFB) is one of the oldest banking trojans still active today. Its extensive history of code forks and evolutions has led to several active variants in the last 5 years, including Dreambot, IAP, RM2, RM3, and most recently, LDR4.