SecurityAffairs: WikiLoader malware-as-a-service targets Italian organizations https://securityaffairs.com/149025/cyber-crime/wikiloader-malware-as-a-service-italy.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #CyberCrime #Cybercrime #WikiLoader #Hacking #Malware #malware #Ursnif
Ursnif strikes Italy. A complete analysis of the phenomenon from CERT-AgID
As already anticipated in recent weeks, #Italy has been affected by a major #campaign aimed at distributing the #Ursnif #malware. Since the beginning of March, at least four campaigns have been observed, themed around the #Agenzia delle #Entrate and #MISE/#MEF, and distinguished by their considerable volume.
The sheer number of indicators identified (more than 1200) gives an idea of the scale of the phenomenon.
Let's explore the phenomenon in the CERT-AgID technical analysis.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. https://thehackernews.com/2023/03/batloader-malware-uses-google-ads-to.html #CyberSecurity #GoogleAds #BATLOADER #malware #VidarStealer #Ursnif
The Hacker News: BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads
https://thehackernews.com/2023/03/batloader-malware-uses-google-ads-to.html
Malspam themed around the Agenzia delle Entrate. The URSNIF malware changes its skin. Be careful!
As we reported a few weeks ago, a #malspam #campaign impersonating the #Agenzia delle #Entrate was spreading the #URSNIF #malware.
According to CERT-#AgID, it seems this campaign is changing its skin and thus modifying its #tactics, #techniques and #procedures (#TTP).
The emails sent to the victims contain a link labelled “SCARICA IL DOCUMENTO” (“DOWNLOAD THE DOCUMENT”). That link hides the use of an #HTA that leverages #Certutil to #download the #executable.
Let's all be very careful.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
https://www.redhotcyber.com/post/il-vecchio-malspam-sullagenzia-delle-entrate-che-diffondeva-il-malware-ursnif-cambia-pelle/
RT @AgidCert
🇮🇹 #Ursnif campaign themed around #AgenziaEntrate uses #bitsadmin
📬 Subject: "Commissione di vigilanza sul registro tributario"
⚔️ TTP:
Email > Link > RAR > HTA > bitsadmin > DLL
💣 #IoC available 👇
🔗 https://cert-agid.gov.it/wp-content/uploads/2023/02/ursnif_agenzia-entrate_07-02-2023.json_.txt
Telegram: https://t.me/certagid/432
Also posted at: https://twitter.com/malware_traffic/status/1621728889486671873
2023-02-03 (Friday) - DEV-0569 activity: Google ad fake CPUID page --> "FakeBat" Loader --> Redline Stealer & Gozi/ISFB/Ursnif
IOCs, pcap of the infection, and associated malware/artifacts available at: https://malware-traffic-analysis.net/2023/02/03/index.html
Tags: #DEV0569 #FakeBat #Gozi #ISFB #Malware #pcap #Redline #RedlineStealer #Ursnif
Hopefully, recent blogs about all these malicious Google ads will force Google to change something. But I have a feeling Google will keep on being Google.
New blog post! In this one I look at a #BATLoader MSI sample referenced by @malwrhunterteam which resulted in #Ursnif and #Redline execution. Some fun twists and turns in this. https://forensicitguy.github.io/batloader-ursnif-redline-oh-my/
For the millionth time: do not download from, or open a link from, an ad in a Google search.
---
RT @1ZRR4H
1/ DEV-0569, current distribution via #GoogleAds.
1.- #Gozi aka #Ursnif (bot) ↓
2.- #RedLine (stealer) ↓
And if the conditions are right, possibly:
3.- #CobaltStrike (C2) ↓
4.- #Royal Ransomware 💥
(No more BatLoader in the infection chain)
https://twitter.com/1ZRR4H/status/1616682530832252930
Forget refunds from the Agenzia delle Entrate: it's phishing!
The #PoliziaPostale e delle Comunicazioni has reported a new #phishing campaign, again themed around the Agenzia delle Entrate, run in parallel with the #Ursnif #malware campaign.
This time with a variation. The counterfeit emails received by taxpayers consist of a #refund notice, complete with a reference to a directorial resolution in the body of the text and an invitation to #download an .xls #attachment ...
By Stefano Gazzella.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
Campaign themed around the Agenzia delle Entrate spreading the Ursnif malware
#Cert-#Agid reports it, also sharing the email with the fake notice: to obtain further #information, the victim is invited to download the attached archive, which contains a folder named “Dicembre” with two files: an Internet Shortcut named “Dicembre[.]url” and an image “Logo_Agenzia_Entrate[.]jpg”.
On Windows #systems, the #Ursnif executable is downloaded and executed via the instructions in the “Dicembre[.]url” file.
Let's look at Ursnif in detail.
By Maria Elena Iafolla.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
Final release so far is exotic animal lover Nikultsev. Can't pick up birds himself, so has to pay to get them to touch him. #URSNIF #drama #URSNIFleaks #ransomware #hohono #leakurshit #cybersecurity #infosecurity https://twitter.com/URSNIFleak/status/1600448283079368705
Next up is #badlukBoris, keeping sailors happy since 1980. Likes fishing, but mostly only catches crabs. https://borisborisenko.com #URSNIF #drama #URSNIFleaks #ransomware #hohono #leakurshit #cybersecurity #infosec
https://twitter.com/URSNIFleak/status/1600355169681580033
1st release was Ruslan, sad start, he is so unimportant even his picture couldn't be bothered with him. https://ruslanzhuravel.com #URSNIF #drama #URSNIFleaks #ransomware #hohono #leakurshit #cybersecurity #infosec
https://twitter.com/URSNIFleak/status/1600269124952694784
Plenty of files to go through, but there's always time for a meme. Criminal life be hard
#ransomware #leakurshit #URSNIF #hohono #cybersecurity #infosec #Drama
As you might have seen on Twitter, the source gifted some juicy screenshots from the Jabber chats he plans to leak on #URSNIF ransomware group. Starting to pull them apart, but these two are spicy. #ransomware #leakurshit #hohono #cybersecurity #infosec #drama
Following #yanluowang leaks (see Twitter) people have reached out with leads on ransomware leaks. Our source has said one of these is going forward today. #URSNIF actors are about to have their Christmas ruined
#infosec #cybersecurity #ransomware
Found in the wild! Allegedly Gozi malware stage 1.
Attack path:
phishing -> xlsx macro -> chechoa[.]com -> commandline calc.exe -s 6636702. -> Stage 2
https://bazaar.abuse.ch/sample/eef902138fc1ee637b41bbecd442a64b691b5b9aae15d2c822ac983ef93e4616/
Current #payloads:
- ZipCosdaz.exe (#RedLine)
C2: 193.56.146.114:44271
Botnet: NewBuild
- ZipCosdaz1.exe (#Ursnif aka #Gozi)
C2 servers:
45.11.182.97
79.132.128.108
91.241.93.98
79.132.128.109
91.242.217.28
91.241.93.111
Botnet: 2503
- ConsoleDWS.exe (Destroy Windows 10 Spying)
GitHub repo: https://github.com/spinda/Destroy-Windows-10-Spying
+ And another download URL: archiverportal[.]space/porn.php
Five Eyes: here are the malware families in use around the world - Matrice Digitale #AgentTesla #AZORult #cybersecurity #evidenza #Formbook #GootLoader #LokiBot #malware #MOUSEISLAND #NanoCore #Qakbot #Ransomware #Remcos #trickbot #Ursnif #8agosto https://parliamodi.news/article/aHR0cHM6Ly93d3cubWF0cmljZWRpZ2l0YWxlLml0L2luY2hpZXN0ZS9maXZlLWV5ZXMtZWNjby1pLW1hbHdhcmUtaW4tdXNvLW5lbC1tb25kby8=