Rewterz Threat Advisory – Malware Controlled Through Command-containing memes on Twitter

December 19, 2018

SEVERITY: Medium

CATEGORY: Informative Updates

ANALYSIS SUMMARY

A set of commands has been retrieved from memes posted on a hacker-controlled Twitter account; the memes are used to control malware. The new threat is detected as TROJAN.MSIL.BERBOMTHUM.AA, a Trojan whose commands are received via the legitimate Twitter service. The BERBOMTHUM malware checks the Twitter account used by the attackers, downloads and scans the meme files, and extracts the commands they include.

Attackers hid the “/print” command in the memes, which allows them to take screenshots of the infected machine and send them back to a C&C server whose address is obtained through a hard-coded URL on pastebin.com. The following commands were retrieved from the memes.

Commands

/print (Screen capture)

/processos (Retrieve list of running processes)

/clip (Capture clipboard content)

/username (Retrieve username from infected machine)

/docs (Retrieve filenames from predefined paths such as the desktop and %AppData%)

The malware can only be disabled by deletion of the malicious Twitter account.
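As an added defensive example (not code from the advisory or from Rewterz), the heuristic below flags image files that carry the command tokens listed above together with data appended after the image's end marker. It assumes the tokens are stored as plaintext inside the file; the advisory does not describe how the commands are embedded, so that is an assumption and hits are leads for triage, not proof.

```python
import re
from typing import List, Tuple

# Command tokens named in the advisory; the embedding format is an ASSUMPTION
# (plaintext tokens inside the image file), not something the advisory states.
COMMAND_TOKENS = [b"/print", b"/processos", b"/clip", b"/username", b"/docs"]
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"


def image_end(data: bytes) -> int:
    """Offset just past the image's end marker (PNG IEND chunk or JPEG EOI),
    or -1 if the file is not a PNG/JPEG or the marker is missing."""
    if data.startswith(PNG_MAGIC):
        idx = data.find(b"IEND")
        return idx + 8 if idx != -1 else -1      # 4-byte type + 4-byte CRC
    if data.startswith(JPEG_MAGIC):
        idx = data.rfind(b"\xff\xd9")             # last EOI; thumbnails carry their own
        return idx + 2 if idx != -1 else -1
    return -1


def scan_image(data: bytes) -> Tuple[List[bytes], int]:
    """Return (command tokens found anywhere in the file, number of bytes
    appended after the image end marker). Either signal alone is only a lead;
    both together on a file pulled from a social-media feed warrants triage."""
    end = image_end(data)
    trailing = len(data) - end if end != -1 else 0
    found = [t for t in COMMAND_TOKENS
             if re.search(re.escape(t) + rb"(?![A-Za-z])", data)]
    return found, trailing


def is_suspicious(data: bytes) -> bool:
    found, trailing = scan_image(data)
    return bool(found) and trailing > 0


# Constructed samples: a minimal PNG tail, and the same file with tokens appended.
CLEAN_PNG = PNG_MAGIC + b"\x00\x00\x00\x00IEND\xaeB`\x82"
SUSPECT_PNG = CLEAN_PNG + b"\x00/print\x00/docs"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("suspect", SUSPECT_PNG)):
        print(name, scan_image(blob), is_suspicious(blob))
```

Run it over images fetched by a proxy or sandbox to surface candidates for manual review; a benign image that legitimately contains one of these words will score on the token check but not on the trailing-data check.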

IMPACT

Command execution on target device.

AFFECTED PRODUCTS

Twitter

REMEDIATION

Do not download or click on attachments or links that are unexpected and do not seem to be coming from legitimate and verified sources.
