November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Emotet – IOCs
November 9, 2020Rewterz Threat Advisory – CVE-2020-4759 – Multiple IBM Security Vulnerabilities
November 10, 2020Rewterz Threat Alert – Emotet – IOCs
November 9, 2020Rewterz Threat Advisory – CVE-2020-4759 – Multiple IBM Security Vulnerabilities
November 10, 2020
Severity
Medium
Analysis Summary
Researchers have recently discovered a novel way some threat actors are tricking these scanning engines, and this bot avoidance mechanism in particular has been deployed on multiple Office 365 credential phishing websites. Image recognition software is improving and becoming more accurate, this new technique aims to deceive scanning engines by inverting the colors of the image, causing the image hash to differ from the original. This technique can hinder the software’s ability to flag this image altogether.
However, a victim visiting the website would likely recognize that the inverted picture is illegitimate and exit the website. As a result, the threat actor has stored the inverted image and, within the index.php code, has used a CSS method to revert the color of the image to its original state.
Impact
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
MD5
- 6c1b3b26914248fce7bf933de10050dd
- 62ddd263c8a6a4c9074e205b91182d04
SHA-256
- d9288957bd276f9144e1fe321e598b8bab81af20fd36db702d716664a6f7c65d
- 7c10fa25b9ebad3a8d71a19bb2a7a0664df3415a2bfae566aa91beb11ae07b89
- a59ea699d353d00ff2999111f9fa11fb73a47eda7800642609ca230560ea3703
SHA1
- 7f81e7b6b10bd995f687aeb10f1735a7a2376307
- 1b56d11b012dd79dd99212ebb54adcfb60920a9d
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.