Hamburger Menu Icon
Yoroi Background

Tag: malware

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Introduction Nowadays, it is common to say that the physical world and the cyber world are strictly connected. The proof is the leverage of the current physical threat, the CoronaVirus, as a social engineering trick to infect the cyber world. It is not new for cyber-crooks to exploit social phenomena to spread malware in order […]

Read More

Transparent Tribe: Four Years Later

Introduction Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. At that time, the researchers tracked the sources IP in Pakistan, the attacks were part of a wider operation that relies on multi vector such […]

Read More

Nuova Campagna di Attacco Ursnif

Proto: N040220. Con la presente Yoroi desidera informarLa ad un nuova campagna di attacco in corso ai danni di Aziende e utenti italiani. Gli attacchi si manifestano attraverso l’invio di email fraudolente a tema legale che invitano le vittime a scaricare e visionare li contenuto di un archivio compresso infetto. L’archivio, una volta aperto, è potenzialmente in […]

Read More

Launching the First “Yomi Hunting” Challenge!

About a year ago, we publicly released the Yomi Hunter sandbox for a few simple reasons: in Yoroi we believe in the InfoSec community value, we think it plays a central role in the fight of cyber-threats and we feel the need to support it.  Our sentiment regarding the InfoSec community led us to support […]

Read More

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Introduction  Gamaredon Group is a Cyber Espionage persistent operation attributed to Russians FSB (Federal Security Service) in a long-term military and geo-political confrontation against the Ukrainian government and more in general against the Ukrainian military power.  Gamaredon has been active since 2014, and during this time, the modus operandi has remained almost the same. The […]

Read More

Aggah: How to run a botnet without renting a Server (for more than a year)

Introduction During the last year, we constantly kept track of the Aggah campaigns. We started deepening inside the Roma225 Campaign and went on with the RG Campaign, contributing to the joint effort to track the offensive activities of this threat actor. Recently, during our Cyber Defence monitoring operations, we spotted other attack attempts directed to […]

Read More

Unveiling JsOutProx: A New Enterprise Grade Implant

Introduction During our threat intelligence source monitoring operations, we spotted a new sophisticated malware implant that seems to be unrelated to mainstream cyber weapons. In fact, the recovered sample raised many interrogatives into the malware research community due to the extensive  usage of obfuscation anti-reverse techniques, hardening the investigative efforts.  For this reason, we decided […]

Read More

Nuovi Attacchi Ursnif in Corso "GLS-Italy"

Proto: N041219. Con la presente Yoroi desidera informarLa riguardo a nuovi attacchi in corso verso le aziende italiane. Le email fraudolente in circolazione tentano di simulare comunicazioni provenienti da noti Corrieri Espresso, al loro interno sono però presenti allegati Excel infetti appositamente studiati per attivarsi su PC di utenti italiani. Questi documenti sono usati per […]

Read More

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Introduction Nowadays the Malware-As-A-Service is one of the criminal favorite ways to breach security perimeter. Agent Tesla is one of these “commodity malware”. It is a fully customizable password info-stealer and many cyber criminals are choosing it as their preferred recognition tool.   During our monitoring operations we discovered an infection-chain designed to deliver this kind […]

Read More

Dissecting the 10k Lines of the new TrickBot Dropper

Introduction TrickBot it is one of the best known Banking Trojan which has been infecting victims since 2016, it is considered a cyber-crime tool. But nowadays defining it a “Banking Trojan” is quite reductive: during the last years its modularity brought the malware to a higher level. In fact it can be considered a sort […]

Read More

Ondata di Attacchi Contro Aziende Italiane (Ursnif)

Proto: N020919. Con la presente Yoroi desidera informarLa riguardo al rilevamento di una pericolosa campagna di attacco in corso ai danni di utenti ed Aziende italiane. I messaggi di posta inviati dai cyber criminali contengono riferimenti a ipotetici documenti e fatture fittizie, ed invitano la vittima ad aprire un foglio Excel in grado di infettare […]

Read More

JSWorm: The 4th Version of the Infamous Ransomware

Introduction The ransomware attacks have no end. These cyber weapons are supported by a dedicated staff that constantly update and improve the malware in order to make harder detection and decryption. As the popular GandCrab, which was carried on up to version 5 until its shutdown, also other ransomware are continuously supported with the purpose […]

Read More
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram