{"id":120,"date":"2018-09-04T18:22:31","date_gmt":"2018-09-04T16:22:31","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=120"},"modified":"2018-09-04T18:22:31","modified_gmt":"2018-09-04T16:22:31","slug":"indicatori-di-compromissione-4-settembre-2018","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/cyber-security-news\/indicatori-di-compromissione-4-settembre-2018\/","title":{"rendered":"Indicators of Compromise &#8211; 4 September 2018"},"content":{"rendered":"<p style=\"text-align: justify\">Indicators of compromise relating to infections by banking malware (<strong>Emotet and TrickBot<\/strong>) used in malware campaigns against Italian infrastructure.<\/p>\n<p style=\"text-align: justify\">The compromises relate to activity carried out in the period August-September 2018.<\/p>\n<p style=\"text-align: justify\">Campaigns of this type constantly hit IT systems and infrastructure. In some periods, up to 4 different malware campaigns using the same malware are detected within a 30-day window.<\/p>\n<p style=\"text-align: justify\" class=\"\"><strong>Emotet\/TrickBot malware (SHA256 hashes):<\/strong><\/p>\n<table class=\"crayon-table\">\n<tbody>\n<tr class=\"crayon-row\">\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\">\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-1\"><strong><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1st<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Stage<\/span><span class=\"crayon-sy\">)<\/span><\/strong><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-2\"><span class=\"crayon-cn\">6EF5C474B7706E547257B65711D44C5D8183420ACF6D1D673A445FC30D3E2ACD<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-3\"><span class=\"crayon-cn\">483375f638c20330ccdc6425483a59d84dfc7e4da81f2a26363b7ee16a5a3cd9<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-4\"><span class=\"crayon-cn\">1c1e2db21c30fe50d3dcb4b4f756bc154d319cf1365afb3962631941b9513859<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-5\"><span class=\"crayon-cn\">14b8461975d56583ef0a575e6b3edee10da4583d4d9d2959ea5abd99996fe68a<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-6\"><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-7\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/fluorescent[.]cc\/IkSd44UwZs<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-8\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/www.inancspor[.]com\/1ymVXSaT7J<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-9\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/mainlis[.]pt\/0f9WStspZ<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-10\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/thexda[.]com\/ZptEBCytV<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-11\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/samarthdparikh[.]com\/mConYIy<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-12\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/imrenocakbasi[.]com\/pNDq<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-13\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/opaljeans[.]com\/T<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-14\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/atoliyeh[.]com\/fhlb<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-15\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/linkbio[.]net\/mYKl<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-16\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/proinnovation2013[.]com\/0k6vpL79<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-17\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/rtnbd24[.]com\/JLbh1WGtMu<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-18\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/goldsellingsuccess[.]com\/pXo3156n2G<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-19\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/cuentocontigo[.]net\/eS663S6XX2<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-20\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/manatour[.]cl\/6Vo9r2CAU<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-21\"><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/omlinux[.]com\/SGNChoG<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-22\"><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-23\"><strong><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">2nd<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Stage<\/span><span class=\"crayon-sy\">)<\/span><\/strong><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-24\"><span class=\"crayon-cn\">02b969c4d126d1b50d6e7092282064d3c3127a6c4b70b5420fe5ae8033b4a290<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-25\"><span class=\"crayon-s\">&#8220;C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\searchatsd.exe&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-26\"><span class=\"crayon-s\">&#8220;HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run&#8221;<\/span><span class=\"crayon-h\"> <\/span><strong><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">Key<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">searchatsd<\/span><span class=\"crayon-sy\">)<\/span><\/strong><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-27\"><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-28\"><strong><span class=\"crayon-v\">(Command<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Control<\/span><span class=\"crayon-sy\">)<\/span><\/strong><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-29\"><span class=\"crayon-cn\">81<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">21<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">85<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">89<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">7080<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-30\"><span class=\"crayon-cn\">213<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">12<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">182<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">53<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">7080<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-31\"><span class=\"crayon-cn\">136<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">56<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">30<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">168<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c3750d7d96e6286111603-32\"><span class=\"crayon-cn\">128<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">97<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">187<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">8443<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c3750d7d96e6286111603-33\"><span class=\"crayon-cn\">76<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">120<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">104<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-cn\">107<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">443<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Indicators of compromise relating to infections by banking malware (Emotet and TrickBot) used in malware campaigns against Italian infrastructure. The compromises relate to activity carried out in the period August-September 2018. Campaigns of this type constantly hit IT systems and infrastructure. In some periods, up to 4 different malware campaigns using [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":126,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[125,185,337,361],"class_list":["post-120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-news","tag-emotet","tag-ioc","tag-statistics","tag-trickbot"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=120"}],"version-history":[{"count":0,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/120\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}