Rewterz Threat Alert – Indicators of Compomise for Trickbot Qakbot Emotet

Tuesday, March 5, 2019

Severity: Medium

Analysis Summary

Following are the threat indicators that are being sent to users through different phishing campaigns and dropping malicious url’s.

Impact

  • Trickbot
  • Qakbot
  • Emotet

Indicators of Compromise

URLs

  • piano[.]donjuanbands[.]com
  • coo11felicitaa[.]com
  • desaercsed[.]fun
  • ssenis[.]fun
  • prorogues[.]pw
  • decretery[.]host
  • ygrenevresed[.]fun
  • store[.]ku4sd[.]com
  • microsofi[.]org
  • mci[.]a7c7ac3[.]info
  • config[.]mars[.]baofeng[.]net
  • gl[.]immereeako[.]info
  • mmgstjenifer[.]company
  • soft[.]doyo[.]cn
  • stronour[.]host

Email Subject

WE DISC0NNECT Y0U

Notice concerning your Account

Remediation

  • Block threat indicators at your respective controls.
  • Always be suspicious of the emails sent by the users that are not known.
  • Never click on the links/attachments sent by the users that are unknown.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 2, May 2019 Rewterz Threat Advisory – CVE-2019-2725 – WebLogic Server Vulnerability
  • 11, April 2019 Rewterz threat Advisory – Microsoft Internet Explorer Multiple Vulnerabilities
  • 11, April 2019 Rewterz Threat Advisory – Microsoft SharePoint Multiple Products Multiple Script Insertion Vulnerabilities
  • 11, April 2019 Rewterz Threat Advisory – Microsoft Exchange Server OWA Multiple Spoofing Vulnerabilities

Copyright © Rewterz. All rights reserved.