Bl4ng3l
@Bl4ng3l
ID:1067500302578999297
27-11-2018 19:28:00
519 Tweets
604 Followers
522 Following
🌊very big waves of😈 #QakBot #Qbot #Malware target (also) #Italy 🇮🇹
➡️urlhaus.abuse.ch/browse/tag/Qak…
🔥c2: pastebin.com/Q8wMY549
James Quinn Gianni Amato James Joe Roosen merlos @Dr_N0b0dyh Bl4ng3l TG Soft Tommy M (TheAnalyst)
#infosec #CyberSecurity #DFIR
![#Malware #Gozi targeting #italy 🇮🇹 using old template pwd protected! doc:app.any.run/tasks/c5acd0ee… dll:app.any.run/tasks/36a2830f… 🔥c2: ystatistics.]com @AgidCert @guelfoweb @merlos1977 @Bl4ng3l @VirITeXplorer @Dr_N0b0dyh @FBussoletti @sugimu_sec @sS55752750 #infosec #CyberSecurity](https://pbs.twimg.com/media/EoTCetoWEAA32Gk.jpg "reecDeep (@reecdeep) on Twitter photo 2020-12-03 07:52:54 #Malware #Gozi targeting #italy 🇮🇹 using old template pwd protected! doc:app.any.run/tasks/c5acd0ee… dll:app.any.run/tasks/36a2830f… 🔥c2: ystatistics.]com @AgidCert @guelfoweb @merlos1977 @Bl4ng3l @VirITeXplorer @Dr_N0b0dyh @FBussoletti @sugimu_sec @sS55752750 #infosec #CyberSecurity")
😈 #Malware #Gozi #Ursnif targets #Italy 🇮🇹 as fake Enel Group invoice
Sollecito di pagamento
⚙️app.any.run/tasks/16198cd4…
dropUrL: hxxps://willeam.org
c2:🔥
santaliny.]org
Cert AgID Gianni Amato merlos lc4m Bl4ng3l TG Soft Francesco Bussoletti
#infosec #CyberSecurity
![😈#Malware #Gozi #Ursnif targets #Italy 🇮🇹 as fake @EnelGroupIT invoice Sollecito di pagamento ⚙️app.any.run/tasks/16198cd4… dropUrL: hxxps://willeam.org c2:🔥 santaliny.]org @AgidCert @guelfoweb @merlos1977 @luc4m @Bl4ng3l @VirITeXplorer @FBussoletti #infosec #CyberSecurity](https://pbs.twimg.com/media/EmdBzuBXcAA9g82.jpg "reecDeep (@reecdeep) on Twitter photo 2020-11-10 09:58:33 😈#Malware #Gozi #Ursnif targets #Italy 🇮🇹 as fake @EnelGroupIT invoice Sollecito di pagamento ⚙️app.any.run/tasks/16198cd4… dropUrL: hxxps://willeam.org c2:🔥 santaliny.]org @AgidCert @guelfoweb @merlos1977 @luc4m @Bl4ng3l @VirITeXplorer @FBussoletti #infosec #CyberSecurity")
#Malware #Gozi #Ursnif back again targeting #Italy 🇮🇹
h/t moto_sato
⚙️app.any.run/tasks/66bb7564…
🔥
hxxp://agentsystems.cyou/opzionalla.dll
statwindows.]com
Cert AgID Gianni Amato merlos Matteo Lodi lc4m Bl4ng3l TG Soft Francesco Bussoletti
#infosec #CyberSecurity
![#Malware #Gozi #Ursnif back again targeting #Italy 🇮🇹 h/t @58_158_177_102 ⚙️app.any.run/tasks/66bb7564… 🔥 hxxp://agentsystems.cyou/opzionalla.dll statwindows.]com @AgidCert @guelfoweb @merlos1977 @matte_lodi @luc4m @Bl4ng3l @VirITeXplorer @FBussoletti #infosec #CyberSecurity](https://pbs.twimg.com/media/EmXcf2AXMAEhDPa.png "reecDeep (@reecdeep) on Twitter photo 2020-11-09 08:02:46 #Malware #Gozi #Ursnif back again targeting #Italy 🇮🇹 h/t @58_158_177_102 ⚙️app.any.run/tasks/66bb7564… 🔥 hxxp://agentsystems.cyou/opzionalla.dll statwindows.]com @AgidCert @guelfoweb @merlos1977 @matte_lodi @luc4m @Bl4ng3l @VirITeXplorer @FBussoletti #infosec #CyberSecurity")
#Malware #AgentTesla targets #Italy 🇮🇹
💉RegAsm
⚙️app.any.run/tasks/0e01d981…
🔥
mail.ebop.]website
Cert AgID Gianni Amato merlos Matteo Lodi lc4m Bl4ng3l TG Soft Francesco Bussoletti
#infosec #CyberSecurity
![#Malware #AgentTesla targets #Italy 🇮🇹 💉RegAsm ⚙️app.any.run/tasks/0e01d981… 🔥 mail.ebop.]website @AgidCert @guelfoweb @merlos1977 @matte_lodi @luc4m @Bl4ng3l @VirITeXplorer @FBussoletti #infosec #CyberSecurity](https://pbs.twimg.com/media/EmXgjXUXUAEjLTB.jpg "reecDeep (@reecdeep) on Twitter photo 2020-11-09 08:29:41 #Malware #AgentTesla targets #Italy 🇮🇹 💉RegAsm ⚙️app.any.run/tasks/0e01d981… 🔥 mail.ebop.]website @AgidCert @guelfoweb @merlos1977 @matte_lodi @luc4m @Bl4ng3l @VirITeXplorer @FBussoletti #infosec #CyberSecurity")
😈 #Remcos #Malware #Keylogger targeting #Italy 🇮🇹
'Ciao buon giorno'
app.any.run/tasks/9de16759…
c2🔥 uzbektourism8739.ddns.[net
Cert AgID Gianni Amato hiddenaccount merlos CSIRT Italia Bl4ng3l TG Soft Francesco Bussoletti moto_sato sugimu
#infosec #CyberSecurity
😈 #Malware #MassLogger targets #Italy 🇮🇹
'MOU Conditions'
R19 > CHM > PS > RegAsm
🔥
hxxp://optovision.gr/4B.jpg
med-star.]gr
⚙️app.any.run/tasks/61a8f81c…
Gianni Amato Cert AgID merlos Matteo Lodi lc4m @Dr_N0b0dyh Bl4ng3l TG Soft CSIRT Italia
Francesco Bussoletti
#infosec
😈 #Malware #QRAT targeting #Italy 🇮🇹
'In allegato una ricevuta della transazione'
JAR > JS
🔥francis77.hopto[.org
⚙️app.any.run/tasks/4eb04a88…
Gianni Amato Cert AgID merlos Matteo Lodi lc4m @Dr_N0b0dyh Bl4ng3l TG Soft CSIRT Italia Francesco Bussoletti
#infosec #CyberSecurity
#Phobos ransomware targeting #Italy
2EFF58738B5A7717A3FCDF7A4171C6FA18492BC200EDDC26BF608FA35D28466E
technopc[at]protonmail[.com
technopc[at]tuta[.io
Sample: app.any.run/tasks/a3652d12…
h/t Ludovico Loreti
cc lc4m CSIRT Italia reecDeep Bl4ng3l Pierluigi Paganini - Security Affairs Francesco Bussoletti
![#Phobos ransomware targeting #Italy 2EFF58738B5A7717A3FCDF7A4171C6FA18492BC200EDDC26BF608FA35D28466E technopc[at]protonmail[.com technopc[at]tuta[.io Sample: app.any.run/tasks/a3652d12… h/t @LudovicoLoreti cc @luc4m @csirt_it @reecdeep @Bl4ng3l @securityaffairs @FBussoletti](https://pbs.twimg.com/media/EjHQKvIXcAUzMSH.png "Luigi Martire (@luigi_martire94) on Twitter photo 2020-09-29 21:42:08 #Phobos ransomware targeting #Italy 2EFF58738B5A7717A3FCDF7A4171C6FA18492BC200EDDC26BF608FA35D28466E technopc[at]protonmail[.com technopc[at]tuta[.io Sample: app.any.run/tasks/a3652d12… h/t @LudovicoLoreti cc @luc4m @csirt_it @reecdeep @Bl4ng3l @securityaffairs @FBussoletti")
#OSTAP #ITA 🇮🇹 2020-09-28
Campagna: 'Fattura n. '
DOC: 45DFEB37B180D81BA5FBB5518DD94727
JSE: 9E4A5826A1A1CF37B3027322A8E74486
C2: https://188.116.36.]143
moto_sato CSIRT Italia Cert AgID Gianni Amato Frost Bl4ng3l Andrea De Pasquale
![#OSTAP #ITA 🇮🇹 2020-09-28 Campagna: 'Fattura n. ' DOC: 45DFEB37B180D81BA5FBB5518DD94727 JSE: 9E4A5826A1A1CF37B3027322A8E74486 C2: https://188.116.36.]143 @58_158_177_102 @csirt_it @AgidCert @guelfoweb @fr0s7_ @Bl4ng3l @a_de_pasquale](https://pbs.twimg.com/media/EjA1z_uWoAIZUiA.jpg "TG Soft (@VirITeXplorer) on Twitter photo 2020-09-28 15:47:03 #OSTAP #ITA 🇮🇹 2020-09-28 Campagna: 'Fattura n. ' DOC: 45DFEB37B180D81BA5FBB5518DD94727 JSE: 9E4A5826A1A1CF37B3027322A8E74486 C2: https://188.116.36.]143 @58_158_177_102 @csirt_it @AgidCert @guelfoweb @fr0s7_ @Bl4ng3l @a_de_pasquale")
#Malware #Masslogger targeting #Italy 🇮🇹 from JS script
'doc20200916XXXXXX.R04'
where X={0,9}
app.any.run/tasks/84635b86…
1⃣ hxxp://gsbc.gr/F12.jpg
🔥nankasa[.com[.ar
CSIRT Italia Gianni Amato TG Soft merlos Matteo Lodi lc4m Bl4ng3l Francesco Bussoletti
#infosec #CyberSecurity
⚠️malicious #VBS targets #Italy 🇮🇹
#SLoad #Malware
'Allegato_doc_XXXXXXXXXXX.7z'
s://sapphireloading.com/sal/XXXXXXXXXXX/it.css
c2🔥
uykjhfgn.]eu ,cvbyti.]eu
CSIRT Italia Gianni Amato TG Soft Matteo Lodi D3Lab Antelox Francesco Bussoletti merlos
#infosec #CyberSecurity
![⚠️malicious #VBS targets #Italy 🇮🇹 #SLoad #Malware 'Allegato_doc_XXXXXXXXXXX.7z' s://sapphireloading.com/sal/XXXXXXXXXXX/it.css c2🔥 uykjhfgn.]eu ,cvbyti.]eu @csirt_it @guelfoweb @VirITeXplorer @matte_lodi @D3LabIT @Antelox @FBussoletti @merlos1977 #infosec #CyberSecurity](https://pbs.twimg.com/media/Eh22PNwWoAEBwFy.png "reecDeep (@reecdeep) on Twitter photo 2020-09-14 06:55:53 ⚠️malicious #VBS targets #Italy 🇮🇹 #SLoad #Malware 'Allegato_doc_XXXXXXXXXXX.7z' s://sapphireloading.com/sal/XXXXXXXXXXX/it.css c2🔥 uykjhfgn.]eu ,cvbyti.]eu @csirt_it @guelfoweb @VirITeXplorer @matte_lodi @D3LabIT @Antelox @FBussoletti @merlos1977 #infosec #CyberSecurity")
New #malspam #sexstortion campaign 🇮🇹. Crooks try to blackmail Italian victims to pay 1000$ ..
reecDeep illegalFawn
James
abuse.ch Paul Melson Antelox Artilllerie ☣ James Quinn ⛧ɉªɳ ҎʘΰⱠᶊᶓא⛧🇺🇦 marc ochsenmeier
🐁 #Netwire #Malware RAT from #malspam
15 mins run: app.any.run/tasks/b2a10fd5…
🔥c2: owo.myftp.[biz:3990 (161.129[.65.142)
Brad James ExecuteMalware Malware Patrol Suspicious Link Frost Herbie Zimmerman Racco42 Bl4ng3l
#infosec #CyberSecurity