Tag: malware
New Cyber Attack Campaign Leverages the COVID-19 Infodemic
02/25/2020
Introduction Nowadays, it is common to say that the physical world and the cyber world are closely connected. The proof is the use of the current physical threat, the coronavirus, as a social engineering trick to infect the cyber world. It is not new for cyber-crooks to exploit social phenomena to spread malware in order […]
Transparent Tribe: Four Years Later
02/21/2020
Introduction Operation Transparent Tribe was first spotted by Proofpoint researchers in Feb 2016, in a series of espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. At that time, the researchers tracked the source IPs in Pakistan; the attacks were part of a wider operation that relies on multi vector such […]
New Ursnif Attack Campaign
02/18/2020
Proto: N040220. Yoroi wishes to inform you of a new attack campaign under way against Italian companies and users. The attacks take the form of fraudulent legal-themed emails that invite victims to download and view the contents of an infected compressed archive. Once opened, the archive is potentially […]
Launching the First “Yomi Hunting” Challenge!
02/17/2020
About a year ago, we publicly released the Yomi Hunter sandbox for a few simple reasons: at Yoroi we believe in the value of the InfoSec community, we think it plays a central role in the fight against cyber-threats, and we feel the need to support it. Our sentiment regarding the InfoSec community led us to support […]
Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign
02/17/2020
Introduction Gamaredon Group is a persistent cyber espionage operation attributed to the Russian FSB (Federal Security Service) in a long-term military and geopolitical confrontation against the Ukrainian government and, more generally, against Ukrainian military power. Gamaredon has been active since 2014, and during this time, the modus operandi has remained almost the same. The […]
Aggah: How to run a botnet without renting a Server (for more than a year)
01/27/2020
Introduction During the last year, we constantly kept track of the Aggah campaigns. We started by digging into the Roma225 Campaign and went on with the RG Campaign, contributing to the joint effort to track the offensive activities of this threat actor. Recently, during our Cyber Defence monitoring operations, we spotted other attack attempts directed to […]
Unveiling JsOutProx: A New Enterprise Grade Implant
12/20/2019
Introduction During our threat intelligence source monitoring operations, we spotted a new sophisticated malware implant that seems to be unrelated to mainstream cyber weapons. In fact, the recovered sample raised many questions in the malware research community due to its extensive use of obfuscation and anti-reversing techniques, which hampered investigative efforts. For this reason, we decided […]
New Ursnif Attacks in Progress "GLS-Italy"
12/18/2019
Proto: N041219. Yoroi wishes to inform you of new attacks under way against Italian companies. The fraudulent emails in circulation attempt to imitate communications from well-known express couriers, but they contain infected Excel attachments specifically designed to activate on the PCs of Italian users. These documents are used to […]
Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign
09/20/2019
Introduction Nowadays Malware-as-a-Service is one of criminals' favorite ways to breach the security perimeter. Agent Tesla is one of these “commodity malware” families. It is a fully customizable password info-stealer, and many cyber criminals are choosing it as their preferred reconnaissance tool. During our monitoring operations we discovered an infection chain designed to deliver this kind […]
Dissecting the 10k Lines of the new TrickBot Dropper
09/11/2019
Introduction TrickBot is one of the best-known banking trojans; it has been infecting victims since 2016 and is considered a cyber-crime tool. But nowadays calling it a “Banking Trojan” is quite reductive: over the last years its modularity has brought the malware to a higher level. In fact it can be considered a sort […]
Wave of Attacks Against Italian Companies (Ursnif)
09/04/2019
Proto: N020919. Yoroi wishes to inform you of the detection of a dangerous attack campaign under way against Italian users and companies. The emails sent by the cyber criminals contain references to hypothetical documents and fictitious invoices, and invite the victim to open an Excel sheet capable of infecting […]
JSWorm: The 4th Version of the Infamous Ransomware
09/04/2019
Introduction Ransomware attacks have no end. These cyber weapons are supported by dedicated staff who constantly update and improve the malware in order to make detection and decryption harder. Like the popular GandCrab, which was carried on up to version 5 until its shutdown, other ransomware families are also continuously supported with the purpose […]