Rewterz Threat Alert – XLS HTML Phishing Campaign – Active IOCs
August 16, 2021
Severity
High
Analysis Summary
ProtonVPN is the latest vendor in a list of cybersecurity software providers whose names have been abused by threat actors to spread malware. There is an ongoing campaign to trick customers into visiting a cloned ProtonVPN site and downloading a fake installer instead of the legitimate software.
Impact
- Credential Theft
- Data Encryption
- Unauthorized Access
Indicators of Compromise
IP
- 68[.]183[.]222[.]4
MD5
- b2cdc95b3cf3086d6ddb44661c3a82fe
- 73c28c781d7305acdff908fad795f7b8
SHA-256
- 45db8949527cc2cc123a09dc475099f5be409e95add854b0c9b166e1249b3371
- 58451e8b528cc0b052070d2b0837a3d9fb80892517ba94f5196b2d63e63f1d52
SHA-1
- f013f1029071dac5b250c15b5afec3346df84310
- f4e9bf4e8aa94b11d8d1a9c0e6455b2e2134c93c
URL
- http[:]//68[.]183[.]222[.]4
- http[:]//freeprotonvpn[.]com
Remediation
- Block all threat indicators at their respective controls
- Search for IOCs in your environment
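The "search for IOCs in your environment" step, as an added example that is not part of the alert: the IP, MD5 and URL indicators listed above are refanged from the alert's `[.]`/`[:]` notation and matched as whole tokens against constructed sample log lines (the log format, hostnames and the near-miss IP are assumptions for illustration). Whole-token matching keeps the legitimate protonvpn.com site and an unrelated address such as 68.183.222.41 from being flagged.

```python
import re
from typing import Dict, List, Tuple

# Indicators copied from the alert above, kept in the defanged form the alert uses
# (the SHA-1 and SHA-256 values can be added to this table the same way).
ALERT_IOCS: Dict[str, List[str]] = {
    "ip": ["68[.]183[.]222[.]4"],
    "md5": ["b2cdc95b3cf3086d6ddb44661c3a82fe", "73c28c781d7305acdff908fad795f7b8"],
    "url": ["http[:]//68[.]183[.]222[.]4", "http[:]//freeprotonvpn[.]com"],
}

def refang(value: str) -> str:
    """Undo the [.] and [:] defanging so the value compares equal to what real logs contain."""
    return value.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")

def build_lookup(iocs: Dict[str, List[str]] = ALERT_IOCS) -> Dict[str, str]:
    """Map each refanged, lower-cased indicator to its type; a URL also contributes its host."""
    lookup: Dict[str, str] = {}
    for kind, values in iocs.items():
        for raw in values:
            value = refang(raw).lower()
            lookup.setdefault(value, kind)
            if value.startswith(("http://", "https://")):
                lookup.setdefault(value.split("/")[2], "domain")  # host part, e.g. freeprotonvpn.com
    return lookup

# Match whole tokens only: "68.183.222.41" must not match the alert's "68.183.222.4".
TOKEN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._\-:/]*")

def scan_line(line: str, lookup: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return the unique (type, indicator) pairs present in one log line."""
    hits: List[Tuple[str, str]] = []
    for token in TOKEN_RE.findall(line):
        token = token.rstrip("./:").lower()
        # For a URL token, compare the host as well, so any path under the domain is caught.
        host = token.split("/")[2] if token.startswith(("http://", "https://")) else None
        for cand in (token, host):
            if cand in lookup and (lookup[cand], cand) not in hits:
                hits.append((lookup[cand], cand))
    return hits

def scan_logs(lines: List[str], lookup: Dict[str, str]) -> List[Tuple[int, str, str]]:
    """Scan many lines; returns (line index, type, indicator) for every match."""
    return [(i, k, v) for i, line in enumerate(lines) for k, v in scan_line(line, lookup)]

# Constructed sample log lines (not from the alert); line 0 is the legitimate ProtonVPN site
# and line 3 is a near-miss IP, neither of which should match.
SAMPLE_LOGS = [
    "2021-08-16T10:01:02Z proxy user=alice url=https://protonvpn.com/download status=200",
    "2021-08-16T10:03:15Z proxy user=bob url=http://freeprotonvpn.com/ProtonVPN_win.exe status=200",
    "2021-08-16T10:03:40Z edr host=WS-17 file=C:\\Users\\bob\\Downloads\\ProtonVPN_win.exe md5=b2cdc95b3cf3086d6ddb44661c3a82fe",
    "2021-08-16T10:05:00Z fw src=10.0.0.5 dst=68.183.222.41 action=allow",
    "2021-08-16T10:05:09Z fw src=10.0.0.7 dst=68.183.222.4 action=allow",
]
```

Running `scan_logs(SAMPLE_LOGS, build_lookup())` reports the fake domain on line 1, the MD5 on line 2 and the IP on line 4, and nothing for the legitimate site or the near-miss address.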