yoroi.company
2a06:98c1:3120::c  Public Scan

Submitted URL: https://t.co/3yyykFMc1R?amp=1
Effective URL: https://yoroi.company/warning/nuove-operazioni-di-attacco-gootkit/
Submission Tags: falconsandbox
Submission: On February 09 via api from US — Scanned from DE


Text Content

© 2020 credits: SimpleNetworks
NEW GOOTKIT ATTACK OPERATIONS

09/17/2019

Proto: N050919.

Yoroi hereby wishes to inform you of the detection of a new attack campaign
targeting Italian companies and users. The attacks aim to compromise the
targeted users with malware implants of the Gootkit family (TH-106). The threat
is able to give attackers remote access, and to intercept and alter user
browsing traffic to some of the main Italian and French banking portals.
References to groups such as Unicredit, In-Bank, Cedacri, Intesa Sanpaolo,
Groupe Banque Populaire, Poste Italiane, Crédit Agricole, CariParma, Crédit
Coopératif, BNP Paribas, Caisse D'Epargne, Banco BPM and Raiffeisen were in
fact found inside the malware's configurations.

The indicators of compromise collected during the analysis are listed below:

 * Dropurl:
   * hxxps:// itp.surfpapara[.com/b807112.bin
   * itp.surfpapara[.com
 * C2 (gootkit):
   * hxxps:// web.mavensd[.org/200
   * web.mavensd[.org
   * cdn.areascans[.com
 * WebInject:
   * 185.141.27[.101
 * Hash:
   * 67a96b2a5657bf39971c50e1b0e7f08f742b62bb1dffe45398298806d2e9fdba vbs
   * c18c2e2636ebf84eec95f59b16c3091d02d57ac9f1b9d79fb61e160fb1a32a73 exe

Finally, Yoroi recommends keeping user awareness high, periodically warning
users of ongoing threats, and relying on a team of experts to safeguard the
security of the "cyber" perimeter. For a real-time threat index, we recommend
visiting the following link: Yoroi Cyber Security Index


