    Gootkit malware campaign again from Italian certified mail


    In recent weeks, Italian public administrations have been subjected to various malspam campaigns. Behind some of these campaigns, artifacts related to the Gootkit malware family have been identified. The following analysis covers the most recently detected Gootkit malware. Analysis The following analysis relates to the e-mail having the file ITXXXXXXX.zip as an […]

    New Ursnif version targets Italian critical infrastructures


    The latest malware activity targeting Italy has been identified in the last few hours. The malicious agents detected probably belong to the Ursnif malware family. As usual, the infection vector consists of compromised email addresses. In the following article I will explain the reversing steps that led me to catch the IOCs. Analysis The email looks like […]

    New Gootkit campaign from Italian certified mail


    During malware analysis activities for a customer of ours, I was facing a new Gootkit version, detected from a certified email message (PEC). With this article I would like to describe the malware structure, producing IOCs and commenting on the reversed malware code. Analysis It all starts from the mail below. As you can see […]