Cybercrime, Raccoon Stealer hidden in a fake complaint about a purchase | 26 January 2023 | Francesco Bussoletti | Cyber, Defence and Security | The link points to a page from which you download an xll file: the loader. This then in turn downloads a zip with the malware inside.
Cybercrime, new zgRAT campaign via AgentTesla and fake offer list | 26 January 2023 | Francesco Bussoletti | Defence and Security, Restricted Area | The rar attachment contains an exe file: the first malware, that downloads the second payload.
Cybercrime, Formbook conveyed via false hotel booking | 12 December 2022 | Francesco Bussoletti | Defence and Security, Restricted Area | The email rar attachment contains an exe file: the malware.
Cybercrime, multi-malware campaign via fake purchase order | 9 December 2022 | Francesco Bussoletti | Defence and Security, Restricted Area | The xls attachment of the email first downloaded Putty and now Formbook. It is not excluded that it is targeted.
Cybercrime, “Re: Fw: Urgent Inquiry” spreads AgentTesla | 2 December 2022 | Francesco Bussoletti | Defence and Security, Restricted Area | The img attachment contains an exe file: the malware. Stolen data is exfiltrated via SMTP to an email address.
Cybercrime, new Lokibot campaign via SWIFT transfer | 16 November 2022 | Francesco Bussoletti | Defence and Security, Restricted Area | The doc attachment contacts a url from which it downloads the malware. The campaign is not geofenced and there are no blacklists.
Cybercrime, Emotet still in Italy with a document-themed campaign | 8 November 2022 | Francesco Bussoletti | Defence and Security, Restricted Area | The email xls attachment contacts a link from an internal list and downloads the dll, using the epoch 4 botnet, starting the malware infection.
Cybercrime, double AgentTesla campaign with a courier / shipper theme | 3 November 2022 | Francesco Bussoletti | Defence and Security, Restricted Area | The emails contain a link that downloads an iso with the malware inside or directly a 7z with the malicious exe.
Cybercrime, The mail “RE: Purchase Inquiry: KPC / PU-231 (MECH) NBI / 20-22” bait for Lokibot | 19 October 2022 | Francesco Bussoletti | Defence and Security, Restricted Area | The message rar attachment contains an exe file: the malware itself.
Cybercrime, “RE: Inovice no MUMXX NPVPXX” bait for Formbook | 18 October 2022 | Francesco Bussoletti | Defence and Security, Restricted Area | The email xlsx attachment contacts a link and downloads the malware via DBatloader.