Logo
Hamburger Menu Icon
Yoroi Background

Tag: malware

The Story of Manuel's Java RAT

Introduction During the last weeks, the Cybaze-Yoroi ZLab researchers identified infection attempts aimed to install RAT malware directed to the naval industry sector. The malicious email messages contained a particular Adwind/JRat variant delivered via several methods tailored to lure the target company. In the recent past, similar attack cases hit this industry, such as the […]

Read More

GreyEnergy: Welcome to 2019

Introduction In the first days of January, an interesting malware sample has been disclosed through the InfoSec community: a potential GreyEnergy implant still under investigation. This kind of threat, previously analyzed by third party firms, contains similarities with the infamous BlackEnergy malware, used in the attacks against the Ukrainian energy industry back in 2015. The […]

Read More

Campagna di Attacco tramite PEC

Proto: N040119. Con la presente Yoroi desidera informarLa relativamente ad una nuova ondata di attacchi rivolti ad Organizzazioni e utenti italiani. Le email fraudolente osservate sono dirette verso caselle di Posta Elettronica Certificata ed invitano l’utente ad aprire archivi compressi allegati all’interno dei messaggi. Gli archivi malevoli contengono script eseguibili VBS e/o Javascript che, una […]

Read More

The “AVE_MARIA” Malware

The  Cybaze-Yoroi ZLab researchers analyzed phishing attempts spreading in the last days of the past year against an italian organization operating in the Oil&Gas sector. The malicious emails try to impersonate a supplier’s sales office sending invoices and shipping orders confirmations. As usual, the mail conveys malicious Excel files exploiting the popular CVE-2017-11882 vulnerability to […]

Read More

Campagne di Attacco “Dichiarazione dei redditi”

Proto: N010119. Con la presente Yoroi desidera informarLa relativamente ad una nuova ondata di attacchi mirati a compromettere organizzazioni ed utenze italiane. La campagna malevola si manifesta con messaggi di posta fraudolenti preparati per indurre le vittime all'apertura di link remoti in grado di installare malware della famiglia Danabot. All'apertura del link inserito nei messaggi […]

Read More

The Enigmatic “Roma225” Campaign

Introduction The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector. The malware was spread through well written phishing email trying to impersonate a senior partner of one of the major Brazilian business law firms: “Veirano Advogados”. The malicious email intercepted during the CSDC operations contains […]

Read More

Dissecting the Danabot Payload Targeting Italy

Introduction In the last weeks, a new variant of infamous botnet named Danabot hit Italy. Security firms such as Proofpoint and Eset analyzed other samples of the same threat targeting the Australian landscape back in May 2018 and, more recently, in Italy . The Cybaze-Yoroi ZLab dissected one of these recent Danabot variants spread across […]

Read More

Campagna di Attacco “Invio Documenti” (Ursnif)

Proto: N031218. Con la presente Yoroi desidera informarLa relativamente ad una nuova ondata di attacco rivolta a numerose Organizzazioni pubbliche e private italiane. Gli attacchi sono portati tramite l’utilizzo di messaggi di posta fraudolenti accuratamente preparati per indurre la vittima all’apertura del documento Excel allegato, richiedendo l’abilitazione dei contenuti dinamici. Nello specifico caso la tematizzazione […]

Read More

Dissecting the MuddyWater Infection Chain

Introduction In the last days of November, some Middle East countries have been targeted by a new wave of attacks related to the Iranian APT group known as "MuddyWater": their first campaign was observed back in 2017 and more recently Unit42 researchers reported attacks in the ME area. The MuddyWater’s TTPs seem to be quite invariant […]

Read More

Dissecting the latest Ursnif DHL-Themed Campaign

Introduction In the last weeks, a new variant of the infamous Ursnif malware was discovered hitting Italian users through a malspam campaign. In fact, Yoroi-Cybaze ZLAB isolated several malicious emails having the following content: Subject: “VS Spedizione DHL AWB 94856978972 proveniente dalla GRAN BRETAGNA AVVISO DI GIACENZA” Attachment: “GR930495-30495.zip”  The content of the attachment is a […]

Read More

Attacchi Ursnif “Nuovo Documento”

Proto:  N081118. Con la presente Yoroi desidera informarLa relativamente ad una nuova ondata di attacchi diretti ad Organizzazioni ed utenze italiane. La campagna si manifesta con messaggi di posta fraudolenti contenenti link volti allo scaricamento di archivi compressi “Nuovo documento 1.zip” (analogamente a quanto osservato in N071018 e N031018). All’interno del file zip è presente uno […]

Read More

Dissecting the Mindscrew-Powershell Obfuscation

Introduction Few days ago, the CERT-Yoroi bulletin N061118 disclosed a dangerous campaign attacking several Italian users. The attack wave contained some interesting techniques need to look into further, especially regarding the obfuscation used to hide the malicious dropping infrastructure. The Yoroi-Cybaze ZLAB dissected the VBS script embedded into the zip archives delivered to the victims,  […]

Read More
1 4 5 6 7 8 14
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram