{"id":4386,"date":"2022-03-14T18:42:24","date_gmt":"2022-03-14T18:42:24","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=4386"},"modified":"2023-09-16T10:59:14","modified_gmt":"2023-09-16T10:59:14","slug":"malware-qakbot-marzo-22","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/uncategorized-it\/malware-qakbot-marzo-22\/","title":{"rendered":"Qakbot Malware &#8211; March 2022 Compromises"},"content":{"rendered":"\n<p>In recent days, as already pointed out previously (<a href=\"https:\/\/fortgale.com\/news\/2022\/02\/25\/russia-ucraina-attacchi-informatici\/\" target=\"_blank\" rel=\"noreferrer noopener\">further reading<\/a>), a general increase in compromise activity is evident.<\/p>\n\n\n\n<p>Criminal groups use malware for several purposes, among them carrying out ransomware attacks, exfiltrating sensitive information and capturing credentials. The Qakbot malware is often used for this kind of activity; it has been known for a long time and is extensively described in the <a href=\"https:\/\/attack.mitre.org\/software\/S0650\/\" target=\"_blank\" rel=\"noreferrer noopener\">MITRE ATT&amp;CK<\/a> documentation.<\/p>\n\n\n\n<p>While the victim user might not recognise an attack of this kind, a team of experienced analysts has all the tools needed to intervene effectively!<\/p>\n\n\n\n<p>Unlike previous campaigns, greater care is evident in the crafting of the e-mail used to lure victims. The criminals behind the Qakbot malware campaigns insert themselves into users&#8217; existing conversations to deliver the malware. 
In this specific case <strong>it is an e-mail with a password-protected .zip attachment containing an Excel file (xlsm)<\/strong>.<\/p>\n\n\n\n<p>To make sure you have not been affected by Qakbot malware compromises, we recommend applying the indicators of compromise listed at the end of the article.<\/p>\n\n\n\n<div class=\"wp-block-yoast-seo-table-of-contents yoast-table-of-contents\"><h2>Contents<\/h2><ul><li><a href=\"#h-analisi-dell-e-mail\" data-level=\"2\">E-Mail Analysis<\/a><\/li><li><a href=\"#h-analisi-del-file-xlsb\" data-level=\"2\">XLSB File Analysis<\/a><\/li><li><a href=\"#h-analisi-di-rvr1-ocx\" data-level=\"2\">Analysis of rvr1.ocx<\/a><\/li><li><a href=\"#h-malware-qakbot-analisi-di-ghdddhopnqk-dll\" data-level=\"2\">Qakbot Malware &#8211; Analysis of ghdddhopnqk.dll<\/a><ul><li><a href=\"#h-defense-evasion-privilege-escalation\" data-level=\"3\">Defense Evasion &amp; Privilege Escalation<\/a><\/li><li><a href=\"#h-credential-access\" data-level=\"3\">Credential Access<\/a><\/li><li><a href=\"#h-exfiltration-command-control\" data-level=\"3\">Exfiltration &#8211; Command &amp; Control<\/a><\/li><\/ul><\/li><li><a href=\"#h-indicatori-di-compromissione\" data-level=\"2\">Indicators of Compromise<\/a><\/li><\/ul><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\" id=\"Campagna-Malware-Qakbot\"><img decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/03\/Qakbot-malware-email-1024x576.png\" alt=\"Qakbot Malware Campaign of March 2022\" class=\"wp-image-4405\" title=\"Qakbot Malware Campaign\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/Qakbot-malware-email-1024x576.png 1024w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/Qakbot-malware-email-300x169.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/Qakbot-malware-email-768x432.png 768w, 
https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/Qakbot-malware-email-1536x864.png 1536w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/Qakbot-malware-email.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" loading=\"lazy\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-analisi-dell-e-mail\">E-Mail Analysis<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"676\" height=\"568\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/03\/image-9.png\" alt=\"\" class=\"wp-image-4411\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/image-9.png 676w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/image-9-300x252.png 300w\" sizes=\"(max-width: 676px) 100vw, 676px\" loading=\"lazy\" \/><\/figure>\n<\/div>\n\n\n<p>To maximise the chances of compromise by convincing victims to open the malicious attachment, the attacker uses the &#8220;Reply all&#8221; function, inserting in the body of the message a generic sentence requesting the download of a document. This mechanism makes it harder for victims to spot the anomalies.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-analisi-del-file-xlsb\">XLSB File Analysis<\/h2>\n\n\n\n<p>The link in the e-mail leads to the download of a zip file containing the xlsb file \u201c<strong>oermlrdmroeu.xlsb<\/strong>\u201d. 
When the file is opened, the user is asked to enable macros; this starts the compromise of the system.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"811\" height=\"525\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/03\/image-1.png\" alt=\"\" class=\"wp-image-4389\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/image-1.png 811w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/image-1-300x194.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/03\/image-1-768x497.png 768w\" sizes=\"(max-width: 811px) 100vw, 811px\" loading=\"lazy\" \/><figcaption class=\"wp-element-caption\">Contents of the XLSB file<\/figcaption><\/figure>\n<\/div>\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>NAME<\/strong><\/td><td>Oermlrdmroeu.xlsb<\/td><\/tr><tr><td><strong>MD5<\/strong><\/td><td>C2A6F0DEAD1AE3B86C0361D483AE0967<\/td><\/tr><tr><td><strong>SHA1<\/strong><\/td><td>400602F0A71899BF4CFDB028AFEB2F31DB4DE1FF<\/td><\/tr><tr><td><strong>SHA256<\/strong><\/td><td>72B0B629C772BF3FCE97CDBB589DC12B516484851D48FFA132BE2E2EA56B24AA<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-analisi-di-rvr1-ocx\">Analysis of rvr1.ocx<\/h2>\n\n\n\n<p>Enabling the macro starts the system compromise process with a call to the address <strong>ksindesign.com[.]br<\/strong> (IP <strong>108.179.252[.]104<\/strong>) to download the file <strong>rvr1.ocx<\/strong> to the path C:\\Xnvr\\rvr1.ocx.<\/p>\n\n\n\n<p>This file is a dynamic library that is executed via <strong>regsvr32<\/strong>. 
Executing the <em><strong>dll<\/strong><\/em> leads to the launch of <strong>OneDriveSetup.exe<\/strong> and to the subsequent download and creation of the file <strong>ghdddhopnqk.dll<\/strong> inside <strong>AppData\/Roaming\/Microsoft\/Kleqaiwaulq<\/strong>.<\/p>\n\n\n\n<p>The compromise proper starts from this file.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>NAME<\/strong><\/td><td>Rvr1.ocx<\/td><\/tr><tr><td><strong>MD5<\/strong><\/td><td>cb94f597357fca51e3ac47187193730e<\/td><\/tr><tr><td><strong>SHA1<\/strong><\/td><td>d22380908f9bcb95d875696f857646f701fd9a0c<\/td><\/tr><tr><td><strong>SHA256<\/strong><\/td><td>cf00a86bfe97ad6975122ed5b53af40d96d505b7e3caed80cc1f6f9010927692<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-malware-qakbot-analisi-di-ghdddhopnqk-dll\">Qakbot Malware &#8211; Analysis of ghdddhopnqk.dll<\/h2>\n\n\n\n<p>Dynamic analysis of the Qakbot malware made it possible to identify the interactions that take place between the malware and the victim&#8217;s system. 
Some of the operations performed by the malware during the compromise are reported below.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-defense-evasion-privilege-escalation\">Defense Evasion &amp; Privilege Escalation<\/h3>\n\n\n\n<p>The malicious <strong>DLL<\/strong> is created inside the path &#8220;AppData\/Roaming\/Microsoft\/Kleqaiwaulq&#8221; through the <strong>OneDriveSetup<\/strong> process.<\/p>\n\n\n\n<p>Next, <strong>regsvr32<\/strong> is executed with the newly created DLL passed to it.<\/p>\n\n\n\n<p>Immediately after this command is executed, an <strong>injection<\/strong> of the DLL into the <strong>OneDriveSetup<\/strong> process is observed.<\/p>\n\n\n\n<p>This technique is used to obtain <strong>privilege escalation<\/strong>, probably through the well-known <strong>Token Impersonation<\/strong> technique: a new process with elevated privileges is in fact created, which allows the malware to carry out the subsequent steps to collect and exfiltrate data from the victim&#8217;s machine.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-credential-access\">Credential Access<\/h3>\n\n\n\n<p>The malware collects information about the victims&#8217; credentials by accessing:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>credentials stored in browsers,<\/li>\n\n\n\n<li>passwords managed by Credential Manager (lsass)<\/li>\n<\/ul>\n\n\n\n<p>However, the analysis of this sample suggests that the process attempting to access the Credential Manager does not have the privileges needed to complete the operation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-exfiltration-command-control\">Exfiltration &#8211; Command &amp; Control<\/h3>\n\n\n\n<p>During execution, a connection is started 
over the SSH protocol (port 22) to the address <strong>72.12.115[.]90<\/strong> and an HTTPS connection to the address <strong>102.65.38[.]67<\/strong> (port 443) (IP associated with Qakbot).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-indicatori-di-compromissione\">Indicators of Compromise<\/h2>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>XLSB FILE HASHES<\/strong><\/td><\/tr><tr><td><\/td><td>C2A6F0DEAD1AE3B86C0361D483AE0967<\/td><\/tr><tr><td><\/td><td>334fcb9c5b1d79dd9d8959cfede1772d<\/td><\/tr><tr><td><\/td><td>73186b922d42e153b2bd828571784656<\/td><\/tr><tr><td><\/td><td>eaaa834e6736ee29894c7f5751f8859e<\/td><\/tr><tr><td><\/td><td>fa9aec61e273625eec2b591ea6b7b491<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>ZIP FILE HASHES<\/strong><\/td><\/tr><tr><td><\/td><td>6B3FFD489F59D6952302A18FFC36B56A<\/td><\/tr><tr><td><\/td><td>16b6cb76eb9e377e7ef2f0ec2f6253de<\/td><\/tr><tr><td><\/td><td>38b2443c9c5e34f4148856f5333bc435<\/td><\/tr><tr><td><\/td><td>c388ed56f887b2bde94a2fab698eabc4<\/td><\/tr><tr><td><\/td><td>e5492cb8abff84556c652d3ea02b57b2<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>PAYLOAD DOWNLOAD <br>DOMAINS<\/strong><\/td><\/tr><tr><td><\/td><td>ksindesign.com[.]br<\/td><\/tr><tr><td><\/td><td>tradicaodaroca[.]net<\/td><\/tr><tr><td><\/td><td>gpsadvanceconsulting[.]com<\/td><\/tr><tr><td><\/td><td>perfectbreezencool[.]com<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>QAKBOT 
C2s<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>In recent days, as already pointed out previously (further reading), a general increase in compromise activity is evident. Criminal groups use malware for several purposes, among them carrying out ransomware attacks, exfiltrating sensitive information and capturing credentials. The Qakbot malware is often used for this kind of activity, a malware known by now [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":4405,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[954],"tags":[1515,1517,1519],"class_list":["post-4386","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized-it","tag-malspam-it","tag-qakbot-it","tag-qbot-it"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=4386"}],"version-history":[{"count":24,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4386\/revisions"}],"predecessor-version":[{"id":5204,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4386\/revisions\/5204"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media\/4405"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=4386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/w
p-json\/wp\/v2\/categories?post=4386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=4386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}