Gozi banking malware “IT chief” finally jailed after more than 10 years - Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted... https://nakedsecurity.sophos.com/2023/06/13/gozi-banking-malware-it-chief-finally-jailed-after-more-than-10-years/ #lawℴ #dataloss #paunescu #malware #bust #gozi #doj

Venerdi 16 e sabato 17 si terrà a #Bologna l’assemblea nazionale dei #LibDem #Europei con ospiti importanti come Carlo #Calenda, Riccardo #Magi, Matteo #Renzi. I LibDem, sono stati fondati a gennaio da Giuseppe #Benedetto, Alessandro #DeNicola, Oscar #Giannino, Sandro #Gozi. Al centro della discussione ci sarà il tema politico del progetto della “ricomposizione” dell’area centrista, “Oltre il Terzo Polo”.

La mia intervista al Prof. #DeNicola.
https://www.corrierepl.it/2023/06/06/oltre-il-terzo-polo-intervista-al-professor-alessandro-de-nicola/

Originally posted at: https://twitter.com/malware_traffic/status/1633952529804304384

2023-03-06 (Monday): Malspam targeting Italy leads to #Gozi (#ISFB/#Ursnif) infection - URL and server hosting malicious files from our test run still active today (Thursday 2023-03-09) - IoCs from our infection run available at https://github.com/pan-unit42/tweets/blob/master/2023-03-06-IOCs-for-Gozi-infection.txt

#pcap of the infection traffic, and the associated malware samples are available at https://malware-traffic-analysis.net/2023/03/06/index.html

‼️ Sandro #Gozi : "Strano che, dati il ministro Maldestro, lo statista Donzelli, il cecchino Fazzolari, l’atlantismo dei “ma…però”, la retromarcia su Zelensky a Sanremo, Meloni sia puntualmente esclusa dai vertici importanti. Zelensky da Sunak e poi con Macron e Scholz. E Meloni? Tonfo sovranista!"

Also posted at: https://twitter.com/malware_traffic/status/1621728889486671873

2023-02-03 (Friday) - DEV-0569 activity: Google ad fake CPUID page --> "FakeBat" Loader --> Redline Stealer & Gozi/ISFB/Ursnif

IOCs, pcap of the infection, and associated malware/artifacts available at: https://malware-traffic-analysis.net/2023/02/03/index.html

Tags: #DEV0569 #FakeBat #Gozi #ISFB #Malware #pcap #Redline #RedlineStealer #Ursnif

Hopefully, recent blogs about all these malicious Google ads will force Google to change something. But I have a feeling Google will keep on being Google.

للمره المليون لا تحميل او تدخل رابط من اعلان من بحث في قوقل
---
RT @1ZRR4H
1/ DEV-0569, current distribution via #GoogleAds.

1.- #Gozi aka #Ursnif (bot) ↓
2.- #RedLine (stealer) ↓
And if the conditions are right, possibly:
3.- #CobaltStrike (C2) ↓
4.- #Royal Ransomware 💥

(No more BatLoader in the infection chain)
https://twitter.com/1ZRR4H/status/1616682530832252930

Agenzia delle Entrate da 7 dicembre avvisa di un campagna di phishing che vede il ritorno del malware Gozi/Ursnif. Solo che nessuno legge sti avvisi.
#phishing #malware #Gozi #lavoro

Found in the wild! Allegedly Gozi malware stage 1.

Attack path:
phishing -> xlsx macro -> chechoa[.]com -> commandline calc.exe -s 6636702. -> Stage 2

https://bazaar.abuse.ch/sample/eef902138fc1ee637b41bbecd442a64b691b5b9aae15d2c822ac983ef93e4616/

https://www.virustotal.com/gui/file/eef902138fc1ee637b41bbecd442a64b691b5b9aae15d2c822ac983ef93e4616/detection/f-eef902138fc1ee637b41bbecd442a64b691b5b9aae15d2c822ac983ef93e4616-1669969590

#gozi #ursnif

@th3_protoCOL

Current #payloads:

-ZipCosdaz.exe (#RedLine)
C2: 193.56.146.114:44271
Botnet: NewBuild

- ZipCosdaz1.exe (#Ursnif aka #Gozi)
C2 servers:
45.11.182.97
79.132.128.108
91.241.93.98
79.132.128.109
91.242.217.28
91.241.93.111
Botnet: 2503

- ConsoleDWS.exe (Destroy Windows 10 Spying)
GitHub repo: https://github.com/spinda/Destroy-Windows-10-Spying

+ And another download URL: archiverportal[.]space/porn.php

Il terzo polo in un`Europa `potente`. Gozi su Renzi, Calenda, e un messaggio a Letta - Formiche.net #polo #uneuropa #potente #gozi #renzi #calenda #messaggio #letta #formichenet #15agosto https://parliamodi.news/article/aHR0cHM6Ly9mb3JtaWNoZS5uZXQvMjAyMi8wOC90ZXJ6by1wb2xvLXJlbnppLWNhbGVuZGEtZ296aS8=

Arrestato in USA l`inventore del virus Gozi: primo servizio a noleggio - Matrice Digitale #botnet #colombia #cybercrime #evidenza #gozi #USA #virus #24luglio https://parliamodi.news/article/aHR0cHM6Ly93d3cubWF0cmljZWRpZ2l0YWxlLml0L25vdGl6aWUvYXJyZXN0YXRvLWluLXVzYS1saW52ZW50b3JlLWRlbC12aXJ1cy1nb3ppLXByaW1vLXNlcnZpemlvLWEtbm9sZWdnaW8v

Last member of Gozi malware troika arrives in US for criminal trial - His co-conspirators went into and got out of prison years ago, while he remained free. No... https://nakedsecurity.sophos.com/2022/07/20/last-member-of-gozi-malware-troika-arrives-in-us-for-criminal-trial/ #bankingmalware #law&order #malware #spyeye #bust #gozi #zeus

Colombian police arrest Gozi malware suspect after 8 years at large - Safe at home, apparently, but not so safe overseas. https://nakedsecurity.sophos.com/2021/06/30/colombian-police-arrest-gozi-malware-suspect-after-8-years-at-large/ #law&order #malware #bust #gozi #doj

Malspam campaign sent from compromised email accounts, distributing #Gozi in Italy Spammed Excel (XLS) is completely undetected by AV

XLS:

https://bazaar.abuse.ch/sample/4b462d7cd8e4ba2d1da7332df73f99f89a4da71357fb855e9b9e8cc3949f40d6 …

EXE:

https://bazaar.abuse.ch/sample/d04ce36b2c6a5888bf4c413ed5a1c8d2e16af857957742059e7f4de74d36d854 …

Payload URL:

https://urlhaus.abuse.ch/url/350489/ pic.twitter.com/skuPg75WYS

Hackers Update Age-Old Excel 4.0 Macro Attack - XLS files sent via emails appear password protected but aren’t, opening automatically to install m... more: https://threatpost.com/hackers-update-age-old-excel-4-0-macro-attack/154898/ #microsoftoffice #velvetsweatshop #maliciousfiles #microsoftexcel #bankingtrojan #emailattacks #coronavirus #trustwave #covid-19 #malware #macros #hacks #excel #gozi #xls

RT @Brevesdepresse@twitter.com

⚡🇨🇵INFO - Sandro #Gozi, l'ex- candidat sur la liste #LREM lors des européennes, qui vient de rejoindre Matignon en tant que chargé de mission Affaires européennes, a été adhérent de la formation de jeunesse du parti néofasciste italien. (L'Opinion) https://www.lopinion.fr/edition/international/sandro-gozi-flirt-jeunesse-l-extreme-droite-qui-fait-remous-en-italie-195402

🐦🔗: https://twitter.com/Brevesdepresse/status/1164569606956224512

RT @mazzettam@twitter.com

Questo è uno dei tweet nei quali, appena due settimane fa, ho difeso la legittimità della scelta di #Gozi
Giusto per illuminare chi (come Rampino) ha straparlato di un mio attacco al soggetto, motivato da pregiudizio ideologio o salcazzo di complotto. https://twitter.com/mazzettam/status/1156496222917730304