Mastodawn

D3Lab Dec 6, 2024

🌐 Campagne #Malware in Italia - Week 49

📞 #APK Bank
🕵️‍♂️ #SpyNote / #Antidot / #Irata / #DroidBot / #SmSSpy
✉️ Email Campaigns
💼 #Formbook: Preventivo
📦 #AgentTesla: Spedizione
📑 #Remcos: Fattura
💰 #GuLoader: Pagamento
🧾 #XWorm: Fattura
🐍 #SnakeKeyLogger: Bonifico
🔖 #Lokibot: Prezzo
©️ #Rhadamanthys: Copyright
📄 #VipKeyLoggerL: Documento

📢 Resta vigile! 🚨

#mwitaly #CyberSecurity #StaySafe

D3Lab Nov 24, 2023

Campagne #Malware #Italy Week 47

mwitalyenti 🔥 ☠️
#AgentTesla: Richiesta Urgente
#SmsSpy: APK Banking
#Pikabot: Resend
#RemcosRAT - #SystemBC: AgenziaEntrate

D'Eccezione 💣 👻
#StrRat: Fake e-commerce
#Vidar: Resend

#mwitaly

D3Lab Oct 27, 2023

Campagne #Malware #Italy Week 43

🔥💣☠️

#AgentTesla: Ordini e Pagamenti
#Remcos: Contabili
#Pikabot: Resend 📧
#GuLoader: Preventivi
#SMSSpy: App di Sicurezza Gratuita

#mwitaly

D3Lab Sep 22, 2023

Campagne #Malware #Italy Week 38

☠️💣🔥

#AgentTesla: Pagamento Bancario
#Brata - #SMSSpy: #APK Bank
#Ursnif: Pagamenti SMB
#AveMaria - #AsyncRAT: Ordine
#Formbook: Fornitura
#ScreenConnect: Pagamento
#BitRAT - #RemcosRat: Documento

#mwitaly

OneCert Cyber Security

Sep 15, 2023

🚨#Malware Alert
File type: #Apk #Android
Threat name: #IRATA #spyware
(IRATA - Iranian Remote Access Tool Android)

- Payload URLs:

hXXp://eblaghshekayatname.hyperphp.com/sana.apk

IP : 185.27.134.59
ISP: AS 34119 ( WILDCARD-AS - Wildcard UK Limited ) GB
Registrar: NAMECHEAP INC

- Payload:

https://bazaar.abuse.ch/sample/91e5c5dbb6e64f5399cd4786f2e91192525b6582a088a8b583a7599a82838567/

#smsspy #spyware #Phishing

MalwareBazaar | Checking your browser

OneCert Cyber Security

Sep 9, 2023

🚨#Malware Alert
File type: #Apk #Android
Threat name: #IRATA #spyware
(IRATA - Iranian Remote Access Tool Android)

- Payload URLs:

hXXps://openaico.ir/bot/stream/dl/?q=r6wp3wkS4rU

IP : 157.90.108.250
ISP: AS 24940 ( Hetzner Online GmbH ) DE

- Payload:

https://bazaar.abuse.ch/sample/f403f15de411e46b588b0454694a868adf692ac5e7294d07bd3216d500971d3f/

- C2

gamerdet[.]tk

IP : 172.67.174.204, 104.21.72.41
ISP: AS 13335 ( CLOUDFLARENET ) US

#smsspy #spyware #Phishing

MalwareBazaar | Checking your browser

OneCert Cyber Security

Sep 4, 2023

🚨#Malware Alert
File type: #Apk #Android
Threat name: #IRATA #spyware
(IRATA - Iranian Remote Access Tool Android)

- Payload URLs:

hXXps://ceryew2ir.com/ed.apk

IP : 185.143.234.120
ISP: AS 205585 ( Noyan Abr Arvan Co. ) IR
Registrar: NAMECHEAP INC

- Payload:

https://bazaar.abuse.ch/sample/95daed761fda53bc7acdce7b880c1cb661bf75988084914e0958d33314768fa1/

- C2

hXXps://xreyz.com/000
hXXps://xreyz.com/000/rat.php
hXXps://xreyz.com
hXXps://xreyz.com/000/url.txt

IP : 185.143.234.120
ISP: AS 205585 ( Noyan Abr Arvan Co. ) IR
Registrar: NAMECHEAP INC

#smsspy #spyware #Phishing

MalwareBazaar | Checking your browser

OneCert Cyber Security

Aug 20, 2023

🚨#Malware Alert
File type: #Apk #Android
Threat name: #IRATA #spyware
(IRATA - Iranian Remote Access Tool Android)

- Payload URLs:
hXXps://site2.ebl-ir.org/adl.apk
hXXps://site3.ebl-ir.org/adl.apk
hXXps://site4.ebl-ir.org/adl.apk
hXXps://site5.ebl-ir.org/adl.apk
hXXps://site6.ebl-ir.org/adl.apk
hXXps://site7.ebl-ir.org/adl.apk
hXXps://site8.ebl-ir.org/adl.apk
hXXps://site9.ebl-ir.org/adl.apk
hXXps://site10.ebl-ir.org/adl.apk
hXXps://site11.ebl-ir.org/adl.apk
hXXps://site12.ebl-ir.org/adl.apk
hXXps://site13.ebl-ir.org/adl.apk
hXXps://site14.ebl-ir.org/adl.apk
hXXps://site15.ebl-ir.org/adl.apk
hXXps://site16.ebl-ir.org/adl.apk
hXXps://site17.ebl-ir.org/adl.apk
hXXps://site18.ebl-ir.org/adl.apk
hXXps://site19.ebl-ir.org/adl.apk
hXXps://site20.ebl-ir.org/adl.apk