{"id":600,"date":"2022-03-25T08:32:17","date_gmt":"2022-03-25T08:32:17","guid":{"rendered":"https:\/\/fortgale.com\/threats\/?page_id=600"},"modified":"2024-01-03T08:59:41","modified_gmt":"2024-01-03T08:59:41","slug":"malware","status":"publish","type":"page","link":"https:\/\/fortgale.com\/threats\/malware\/","title":{"rendered":"Malware"},"content":{"rendered":"
\n \n
\n \n \n
\n \n
\n \n
\n \n
\n
\n \n \n
\n \n
\n \n
\n \n \n

Malware EMOTET<\/h3>\n <\/div>\n <\/div>\n
\n \n \n
\n

Alias: Geodo ; Heodo<\/span><\/p>\n <\/div>\n <\/div>\n

\n \n \n
\n

Emotet, active since 2014, is among the malware most used by criminals to compromise the workstations of Italian companies.<\/u><\/strong><\/p>\n

After installation on the victim system, it\n steals the passwords saved in the browsers<\/u> (banking logins, e-mail, company portals). It is often used as a “Trojan horse” for the installation of other types of Malware (Trickbot or IcedID).<\/p>\n <\/div>\n <\/div>\n

\n \n
\n \n \n
Sources:<\/h6>\n <\/div>\n <\/div>\n
\n \n
Fortgale Analysis<\/span><\/a>\n <\/span> Mitre<\/span><\/a>\n <\/span> Malpedia<\/span><\/a>\n <\/span>\n <\/div>\n <\/div>\n
\n \n <\/div>\n <\/div>\n <\/div>\n <\/div>\n
\n
\n \n \n
\n \n
\n \n
\n \n \n

Malware TRICKBOT<\/h3>\n <\/div>\n <\/div>\n
\n \n \n
\n

Alias: Trickster, TheTrick, TrickLoader<\/span><\/p>\n <\/div>\n <\/div>\n

\n \n \n
\n

Trickbot<\/strong>, active since 2016, is a modular banking Trojan developed by WIZARD SPIDER<\/strong> with the main purpose of stealing victims’ credentials<\/strong>. Over the years, businesses and individuals\n on a global scale have been affected.<\/p>\n

Following infection (usually via spearphishing) it allows the implementation of additional functionality, such as\n data collection, reconnaissance and lateral movement in the victim’s local network.<\/u>\n <\/p>\n

It is often used as initial access which can then be sold to other criminal groups.<\/p>\n <\/div>\n <\/div>\n

\n \n
\n \n \n
Sources:<\/h6>\n <\/div>\n <\/div>\n
\n \n
Fortgale Analysis<\/span><\/a>\n <\/span> Mitre<\/span><\/a>\n <\/span> Malpedia<\/span><\/a>\n <\/span>\n <\/div>\n <\/div>\n
\n \n <\/div>\n <\/div>\n <\/div>\n <\/div>\n
\n
\n \n \n
\n \n
\n \n
\n \n \n

Malware URSNIF<\/h3>\n <\/div>\n <\/div>\n
\n \n \n
\n

Alias: Gozi, CRM, Gozi CRM, Papras, Snifula<\/span><\/p>\n <\/div>\n <\/div>\n

\n \n \n
\n

Ursnif<\/strong> is one of the most widespread malware in Italy, every year there are several\n campaigns targeting Italian companies.<\/u>\n <\/p>\n

The first samples were detected in 2015 and in recent years its functionality has undergone variations, but the method of propagation and infection has remained the same. It usually exploits a malicious attachment within phishing emails\n to install itself on victims’ systems.<\/p>\n

Its main functions consist of stealing information relating to banks, wallets and cryptocurrencies; Furthermore, it can also perform further operations such as:\n obtaining other information relating to the user, creating screenshots and web injections.<\/u>\n <\/p>\n <\/div>\n <\/div>\n

\n \n
\n \n \n
Sources:<\/h6>\n <\/div>\n <\/div>\n
\n \n
Fortgale Analys<\/span><\/a>\n <\/span> Mitre<\/span><\/a>\n <\/span> Malpedia<\/span><\/a>\n <\/span>\n <\/div>\n <\/div>\n
\n \n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n
\n \n \n
\n \n
\n \n
\n \n
\n
\n \n \n
\n \n
\n \n
\n \n \n

Malware AGENT TESLA<\/h3>\n <\/div>\n <\/div>\n
\n \n \n
\n

Alias: AgenTesla, AgentTesla, Negasteal<\/span><\/p>\n <\/div>\n <\/div>\n

\n \n \n
\n

Agent Tesla<\/strong> is spyware capable of stealing information relating to browser credentials, FTP services, Windows, emails and VPNs.<\/p>\n

Over time, other features have also been developed such as:\n collection of information regarding the hardware of the victim’s systems, creation of screenshots, download and execution of additional executables, log of pressed keys and clipboard.<\/u>\n <\/p>\n <\/div>\n <\/div>\n

\n \n
\n \n \n
Sources:<\/h6>\n <\/div>\n <\/div>\n
\n \n
Fortgale Analysis<\/span><\/a>\n <\/span> Mitre<\/span><\/a>\n <\/span> Malpedia<\/span><\/a>\n <\/span>\n <\/div>\n <\/div>\n
\n \n <\/div>\n <\/div>\n <\/div>\n <\/div>\n
\n
\n \n \n
\n \n
\n \n
\n \n \n

Malware FORMBOOK<\/h3>\n <\/div>\n <\/div>\n
\n \n \n
\n

Alias: <\/strong>win.xloader<\/span><\/p>\n <\/div>\n <\/div>\n

\n \n \n
\n

Formbook<\/strong> is a Data Stealer distributed as Maas<\/strong> (\n Malware as a Services<\/u>) active since 2016, which aims to exfiltrate victims’ credentials and personal information. It provides less experienced attackers with the possibility of carrying out attack campaigns in just a few clicks\n by renting it at relatively low prices (a few hundred euros).<\/p>\n

Over time, the malware has undergone numerous\n updates<\/u> and is often distributed via\n malspam<\/u> campaigns and malicious attachments.<\/p>\n <\/div>\n <\/div>\n

\n \n
\n \n \n
Sources:<\/h6>\n <\/div>\n <\/div>\n
\n \n
Fortgale Analysis<\/span><\/a>\n <\/span> Malpedia<\/span><\/a>\n <\/span>\n <\/div>\n <\/div>\n
\n \n <\/div>\n <\/div>\n <\/div>\n <\/div>\n
\n
\n \n \n
\n \n
\n \n
\n \n \n

Malware QAKBOT<\/h3>\n <\/div>\n <\/div>\n
\n \n \n
\n

Alias: Pinkslipbot, Qbot, Quakbot<\/span><\/p>\n <\/div>\n <\/div>\n

\n \n \n
\n

QakBot<\/strong> is a modular banking Trojan <\/strong>that has been active since 2007.<\/p>\n

Over time it has undergone several changes, going from being a “simple” info stealer to becoming a dropper for some ransomware such as ProLock and Egregor.<\/p>\n

However, the infection system has remained almost unchanged, exploiting malspam campaigns with malicious attachments or links.<\/p>\n <\/div>\n <\/div>\n

\n \n
\n \n \n
Sources:<\/h6>\n <\/div>\n <\/div>\n
\n \n
Fortgale Analysis<\/span><\/a>\n <\/span> Mitre<\/span><\/a>\n <\/span> Malpedia<\/span><\/a>\n <\/span>\n <\/div>\n <\/div>\n
\n \n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Malware EMOTET Alias: Geodo ; Heodo Emotet, active since 2014, is among the malware most used by criminals to compromise the workstations of Italian companies. After installation on the victim system, it steals the passwords saved in the browsers (banking logins, e-mail, company portals). It is often used as a “Trojan horse” for the installation […]<\/p>\n","protected":false},"author":1,"featured_media":625,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-templates\/full-width-page.php","meta":{"footnotes":""},"class_list":["post-600","page","type-page","status-publish","has-post-thumbnail","hentry"],"yoast_head":"\nFortgale and Cyber Threats - Malware<\/title>\n<meta name=\"description\" content=\"Informazioni tecniche relative a Malware, Ransomware, strumenti offensivi e tecniche di compromissione.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fortgale and Cyber Threats - Malware\" \/>\n<meta property=\"og:description\" content=\"Informazioni tecniche relative a Malware, Ransomware, strumenti offensivi e tecniche di compromissione.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/fortgale.com\/threats\/malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Fortgale and Cyber Threats\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-03T08:59:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/fortgale.com\/threats\/wp-content\/uploads\/sites\/3\/2021\/10\/EMOTET.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/malware\\\/\",\"url\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/malware\\\/\",\"name\":\"Fortgale and Cyber Threats - Malware\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/wp-content\\\/uploads\\\/sites\\\/3\\\/2021\\\/10\\\/EMOTET.png\",\"datePublished\":\"2022-03-25T08:32:17+00:00\",\"dateModified\":\"2024-01-03T08:59:41+00:00\",\"description\":\"Informazioni tecniche relative a Malware, Ransomware, strumenti offensivi e tecniche di compromissione.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/malware\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/fortgale.com\\\/threats\\\/malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/wp-content\\\/uploads\\\/sites\\\/3\\\/2021\\\/10\\\/EMOTET.png\",\"contentUrl\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/wp-content\\\/uploads\\\/sites\\\/3\\\/2021\\\/10\\\/EMOTET.png\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/#website\",\"url\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/\",\"name\":\"Fortgale and Cyber Threats\",\"description\":\"Fortgale Threats, ATT&CK, Malware...\",\"publisher\":{\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/#organization\",\"name\":\"Fortgale\",\"url\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/wp-content\\\/uploads\\\/sites\\\/3\\\/2022\\\/04\\\/logo_blu.png\",\"contentUrl\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/wp-content\\\/uploads\\\/sites\\\/3\\\/2022\\\/04\\\/logo_blu.png\",\"width\":558,\"height\":125,\"caption\":\"Fortgale\"},\"image\":{\"@id\":\"https:\\\/\\\/fortgale.com\\\/threats\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Fortgale and Cyber Threats - Malware","description":"Informazioni tecniche relative a Malware, Ransomware, strumenti offensivi e tecniche di compromissione.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"it_IT","og_type":"article","og_title":"Fortgale and Cyber Threats - Malware","og_description":"Informazioni tecniche relative a Malware, Ransomware, strumenti offensivi e tecniche di compromissione.","og_url":"https:\/\/fortgale.com\/threats\/malware\/","og_site_name":"Fortgale and Cyber Threats","article_modified_time":"2024-01-03T08:59:41+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/fortgale.com\/threats\/wp-content\/uploads\/sites\/3\/2021\/10\/EMOTET.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Tempo di lettura stimato":"5 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/fortgale.com\/threats\/malware\/","url":"https:\/\/fortgale.com\/threats\/malware\/","name":"Fortgale and Cyber Threats - Malware","isPartOf":{"@id":"https:\/\/fortgale.com\/threats\/#website"},"primaryImageOfPage":{"@id":"https:\/\/fortgale.com\/threats\/malware\/#primaryimage"},"image":{"@id":"https:\/\/fortgale.com\/threats\/malware\/#primaryimage"},"thumbnailUrl":"https:\/\/fortgale.com\/threats\/wp-content\/uploads\/sites\/3\/2021\/10\/EMOTET.png","datePublished":"2022-03-25T08:32:17+00:00","dateModified":"2024-01-03T08:59:41+00:00","description":"Informazioni tecniche relative a Malware, Ransomware, strumenti offensivi e tecniche di compromissione.","breadcrumb":{"@id":"https:\/\/fortgale.com\/threats\/malware\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/fortgale.com\/threats\/malware\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/fortgale.com\/threats\/malware\/#primaryimage","url":"https:\/\/fortgale.com\/threats\/wp-content\/uploads\/sites\/3\/2021\/10\/EMOTET.png","contentUrl":"https:\/\/fortgale.com\/threats\/wp-content\/uploads\/sites\/3\/2021\/10\/EMOTET.png","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/fortgale.com\/threats\/malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/fortgale.com\/threats\/"},{"@type":"ListItem","position":2,"name":"Malware"}]},{"@type":"WebSite","@id":"https:\/\/fortgale.com\/threats\/#website","url":"https:\/\/fortgale.com\/threats\/","name":"Fortgale and Cyber Threats","description":"Fortgale Threats, ATT&CK, Malware...","publisher":{"@id":"https:\/\/fortgale.com\/threats\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/fortgale.com\/threats\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/fortgale.com\/threats\/#organization","name":"Fortgale","url":"https:\/\/fortgale.com\/threats\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/fortgale.com\/threats\/#\/schema\/logo\/image\/","url":"https:\/\/fortgale.com\/threats\/wp-content\/uploads\/sites\/3\/2022\/04\/logo_blu.png","contentUrl":"https:\/\/fortgale.com\/threats\/wp-content\/uploads\/sites\/3\/2022\/04\/logo_blu.png","width":558,"height":125,"caption":"Fortgale"},"image":{"@id":"https:\/\/fortgale.com\/threats\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/pages\/600","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/comments?post=600"}],"version-history":[{"count":20,"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/pages\/600\/revisions"}],"predecessor-version":[{"id":3259,"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/pages\/600\/revisions\/3259"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/media\/625"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/threats\/wp-json\/wp\/v2\/media?parent=600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}