Rewterz Threat Alert – PowDesk Malware – IoCs

Tuesday, January 14, 2020

Severity

High

Analysis Summary

PowDesk is a simple, PowerShell-based malware targeting hosts that run LANDesk Management Agent. This malware shares similarities with APT34 (known as OilRig and HelixKitten) group’s previously reported malware named QUADAGENT. however PowDesk itself appears to be completely new. This malware is compatible with both 32-bit and 64-bit systems and exfiltrates the infected computer’s name through a PHP page stored at the C&C server. After analyzing the malware’s behavior.

Impact

Exposure of sensitive information

Indicators of Compromise

SHA-256

  • 8406ca490c60ec41569b35f31f1860ff4663bba44d1daac64760ecdfe694203d

URL

  • http://lcepos.com/php/reclaimlandesk.php

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 17, February 2020 Rewterz Threat Alert – Satan ransomware rebrands as 5ss5c ransomware
  • 20, January 2020 Rewterz Threat Alert – Iranian APT Group “MuddyWater” Resurfaces
  • 20, January 2020 Rewterz Threat Alert – STOP (djvu) Ransomware Actively Spread
  • 20, January 2020 Rewterz Threat Advisory – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Copyright © Rewterz. All rights reserved.