October 23, 2020
Severity
Medium
Analysis Summary
A new domain-squatting campaign has been detected in which threat actors use domains that imitate Microsoft to compromise victims' login credentials. The campaign is global in scope, presumably luring users into giving away their login credentials, and mostly targets users in the media industry.
Impact
Credential Theft
Indicators of Compromise
Domain Name
- auth-secureoffice365[.]com
- auth-secure-office365[.]com
- auth-0ffice365[.]com
Remediation
- Block the threat indicators at their respective controls.
- Double-check a domain name before entering credentials on any site.
- Enable multifactor authentication.
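One way to apply the first remediation step to DNS or proxy logs, as an added example that is not part of the Rewterz alert: it refangs the three published domains, matches them and their subdomains, and goes beyond the listed indicators by flagging other hosts that spell "office365" with hyphens or a zero. The log format, the `LEGIT_SUFFIXES` allowlist and the lookalike heuristic are assumptions, and the log lines are constructed.

```python
# Indicators exactly as published in the alert (defanged).
IOCS_DEFANGED = [
    "auth-secureoffice365[.]com",
    "auth-secure-office365[.]com",
    "auth-0ffice365[.]com",
]
# Assumption: domains this organisation treats as genuine Microsoft hosts.
LEGIT_SUFFIXES = ("office365.com", "office.com", "microsoft.com", "microsoftonline.com")
# "0" for "o" appears in the published IoCs; "1" for "i" is an added assumption.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "i"})

def refang(indicator):
    """Turn a defanged indicator back into a matchable hostname."""
    return indicator.replace("[.]", ".").lower()

BLOCKLIST = {refang(i) for i in IOCS_DEFANGED}

def is_under(host, domain):
    # Match on a label boundary: a bare endswith("office365.com") would
    # wrongly treat auth-secureoffice365.com as a Microsoft host.
    return host == domain or host.endswith("." + domain)

def classify(host):
    """Return 'ioc', 'lookalike' or 'ok' for one queried hostname."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    if any(is_under(host, d) for d in BLOCKLIST):
        return "ioc"
    if any(is_under(host, d) for d in LEGIT_SUFFIXES):
        return "ok"
    if "office365" in host.replace("-", "").translate(HOMOGLYPHS):
        return "lookalike"
    return "ok"

def scan(log_lines):
    """Assumed log format: '<timestamp> <client_ip> <queried_host>'."""
    hits = []
    for line in log_lines:
        _, client, host = line.split()[:3]
        verdict = classify(host)
        if verdict != "ok":
            hits.append((client, host, verdict))
    return hits

SAMPLE_LOG = [  # constructed log lines, not taken from the alert
    "2020-10-23T09:14:02Z 10.0.4.17 outlook.office365.com",
    "2020-10-23T09:14:09Z 10.0.4.17 login.auth-0ffice365.com",
    "2020-10-23T09:15:41Z 10.0.7.3 AUTH-SECURE-OFFICE365.COM.",
    "2020-10-23T09:16:20Z 10.0.7.9 secure-0ffice-365.net",
]
if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A client that shows up with an `ioc` hit is a candidate for a credential reset; `lookalike` hits need analyst review before blocking.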