Marco Ramilli

Marco Ramilli, cyber security expert and Yoroi founder: The attacker, pretended to be a customer, sent to victims an email containing Microsoft XLS file, without Macro but with hidden malware.

Cybercrime, Emotet group attacks companies with an external SOC

The cyber security expert Marco Ramilli, founder of Yoroi-Cybaze analyzed a mail on a “weekly…

Cybercrime, Emotet group attacks companies with an external SOC

The cyber security expert Marco Ramilli, founder of Yoroi-Cybaze analyzed a mail on a “weekly report”. It hides a Word document within obfuscated Macros who drops-executes the malware.

Cyber espionage, what APT34 and MuddyWater have in common?

Cyber security expert and Yoroi founder, Marco Ramilli, analyzed the two state-sponsored groups to look…

Cyber espionage, what APT34 and MuddyWater have in common?

Cyber security expert and Yoroi founder, Marco Ramilli, analyzed the two state-sponsored groups to look for strong and weak similarities.

Is APT34 responsible for the Jason cyber espionage tool?

The cyber security expert, Marco Ramilli, analyzed it to match the clues e find if…

Is APT34 responsible for the Jason cyber espionage tool?

The cyber security expert, Marco Ramilli, analyzed it to match the clues e find if Iranian state-sponsored hackers are behind the operation. Something says Yes, something diverge.

Is Iran’s APT34 behind the Sea Turtle cyber espionage campaign?

The cyber security experts: There are many similarities on TTPs, targets and purposes. The credential…

Is Iran’s APT34 behind the Sea Turtle cyber espionage campaign?

The cyber security experts: There are many similarities on TTPs, targets and purposes. The credential harvesting could be complementary to the WebMask project on DNS Hijack.

APT, new free tool to help spotting them from Marco Ramilli

The cyber security expert: It’s easy, thanks to rules to identify specific set of binaries.…

APT, new free tool to help spotting them from Marco Ramilli

The cyber security expert: It’s easy, thanks to rules to identify specific set of binaries. But it also needs manual analysis to confirm if the threat is real o fake.