    Gootkit malware campaign again from Italian certified mail

    15-05-2019

    In recent weeks, Italian public administrations have been subjected to various malspam campaigns. Behind some of these campaigns, artifacts related to the Gootkit malware family have been identified. The following analysis is related to the last detected Gootkit malware. Analysis: The following analysis relates to the e-mail having the file ITXXXXXXX.zip as an […]

    New Ursnif version targets Italian critical infrastructures

    09-05-2019

    The latest malware activity targeting Italy has been identified in the last few hours. The malicious agents detected probably belong to the Ursnif malware family. As usual, the infection vector consists of compromised email addresses. In the following article I will explain the reversing steps that led me to catch the IoCs. Analysis: The email looks like […]

    New Gootkit campaign from Italian certified mail

    07-05-2019

    During malware analysis activities for a customer of ours, I was facing a new Gootkit version, detected from a certified email message (PEC). With this article I would like to describe the malware structure, producing IOCs and commenting on the reversed malware code. Analysis: It all starts from the mail below. As you can see […]