Detecting Ursnif Infected Word Documents through metadata.

Good Afternoon, I have recently been working on methods to detect an Information Stealer/Trojan known as Ursnif. The difficulty in detection relies on the use of encrypted Word documents. These documents use an additional encryption pack that comes by default with Office 2007 SP2 or higher. The encryption pack is known as the “High Encryption… Continue reading Detecting Ursnif Infected Word Documents through metadata.