Originally posted at: https://twitter.com/malware_traffic/status/1633952529804304384
2023-03-06 (Monday): Malspam targeting Italy leads to #Gozi (#ISFB/#Ursnif) infection - URL and server hosting malicious files from our test run still active today (Thursday 2023-03-09) - IoCs from our infection run available at https://github.com/pan-unit42/tweets/blob/master/2023-03-06-IOCs-for-Gozi-infection.txt
#pcap of the infection traffic, and the associated malware samples are available at https://malware-traffic-analysis.net/2023/03/06/index.html
Also posted at: https://twitter.com/malware_traffic/status/1621728889486671873
2023-02-03 (Friday) - DEV-0569 activity: Google ad fake CPUID page --> "FakeBat" Loader --> Redline Stealer & Gozi/ISFB/Ursnif
IoCs, pcap of the infection, and associated malware/artifacts available at: https://malware-traffic-analysis.net/2023/02/03/index.html
Tags: #DEV0569 #FakeBat #Gozi #ISFB #Malware #pcap #Redline #RedlineStealer #Ursnif
Hopefully, recent blogs about all these malicious Google ads will force Google to change something. But I have a feeling Google will keep on being Google.