Cybercrime, fake BRT shipment brings Ursnif / Gozi to Italy
The email xls attachment contacts a single link and downloads the dll, starting the malware infection chain. But only from Italian IPs and not on the blacklist.
Cybercrime, new Ursnif / Gozi campaign in Italy via BRT
The email xls attachment contacts a single link and downloads the dll, activating the malware infection. Provided that the IP is Italian and not on the blacklist.
Cybercrime, Ursnif / Gozi back to Italy via Enel Energia
The bait are false invoice offsets. The xls attachment contacts single link from which it downloads the dll, starting the malware infection. But only from Italian IPs.
Cybercrime, Ursnif / Gozi back to Italy with a fake BRT courier email
The xls attachment contacts a single link and downloads the dll, which activates the malware infection. Provided that the IP is Italian and not on the blacklist.
Cybercrime, new wave of the Ursnif / Gozi campaign in Italy via BRT
The xlsm attachment contacts a single url from which it downloads the dll, starting the malware infection. But only from Italian IPs and if they’re not blacklisted.
Cybercrime, Ursnif/Gozi exploits again BRT for a campaign in Italy
The xlsm attachment contacts single url from which it downloads the dll, starting malware infection. But only from Italian IPs and if they are not blacklisted.
Cybercrime, new Ursnif/Gozi campaign in Italy via false BRT invoice
The email xlsm attachment contacts single url from which it downloads the dll, which starts malware infection. But only from Italian IPs and if they are not blacklisted.
Cybercrime, new Ursnif / Gozi campaign in Italy with IcedID template
The attack is part of the TA551 (Shathak) offensive. The doc file in the email zip attachment contacts a url to download the dll and start malware infection.
Cybercrime, Ursnif / Gozi campaign in Italy via fake Findomestic email
The xlsb attachment contacts a single url from which it downloads the dll, starting the infection of the malware. But only if the IP is Italian.
Cybercrime, Ursnif / Gozi is now delivered with the IcedID template
The attack is part of the TA551 (Shathak) campaign. The xlsm file in the email zip attachment contacts internal URLs to download the dll, starting malware infection.