May 28, 2021
Severity
Medium
Analysis Summary
The beginning of the pandemic brought chaos, panic, and fear, and with them plentiful opportunities for cybercriminals to exploit that anxiety for financial gain. Phishing has been the leading cyber threat since the beginning of 2020, and COVID-19 has become the lure these threat actors rely on most.
COVID-19 themed lures include personal protective equipment (PPE), COVID testing, government stimulus programs, prevention via vaccines, vaccine distribution, and treatment with pharmaceutical drugs. Attack schemes also include phishing for the credentials of employees at drug companies and at pharmaceutical research and production companies.
As vaccines roll out, phishing attacks are expected to increase in frequency, with vaccine distribution as the dominant theme.
Impact
- Successful phishing attacks lead to information disclosure. This directly affects both businesses and individuals, because a data leak damages the reputation of the company and the safety of the individual.
- Threat actors may take advantage of the resulting data breach or malware infection for financial or ideological gain.
Indicators of Compromise
Source IP
- 3[.]235[.]73[.]92
- 211[.]115[.]73[.]187
- 23[.]95[.]102[.]209
- 185[.]253[.]212[.]22
URL
- http[:]//zoominceinvite[.]s3[.]amazonaws[.]com/invitezoom08[.]html
- https[:]//us02web[.]zoom[.]us/
- https[:]//zoommeetinactivation[.]web[.]app/
- http[:]//hellos[.]tcp4[.]me/Standard-Bank-Online-Relief-Funds-UCount-onlinebanking[.]standardbank[.]co[.]za-direct
- https[:]//covid-19-benefit[.]cabanova[.]com/
- https[:]//mobile[.]twitter[.]com/
- http[:]//jyhhospitaljp[.]com/
- http[:]//zoom-free1[.]com/
- http[:]//incoming[.]zoomcallrequest[.]org/
- http[:]//abccoronavirus[.]online/
- http[:]//maskacoronavirus[.]online/
- http[:]//covid19-veklury[.]top/
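The indicators above are published defanged (`[.]`, `[:]`), so they cannot be fed to a log search as-is. The script below is an added example, not Rewterz tooling: it refangs a subset of the listed IPs and URLs, extracts the hostname from each, and scans constructed proxy log lines (a squid-style layout, assumed for illustration) for connections to those hosts. Matching on hostname rather than the full URL is deliberate, because phishing kits rotate paths while keeping the domain.

```python
"""Match the advisory's defanged IOCs against proxy log lines.

Added example, not part of the Rewterz advisory or its tooling. The IOC
values are copied from the advisory; the log lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Subset of the advisory's IOCs, as published (defanged). The generic entries
# on the list (us02web.zoom.us, mobile.twitter.com) are left out on purpose:
# matching them by host would flag ordinary Zoom and Twitter traffic.
DEFANGED_IPS = [
    "3[.]235[.]73[.]92",
    "211[.]115[.]73[.]187",
    "23[.]95[.]102[.]209",
    "185[.]253[.]212[.]22",
]
DEFANGED_URLS = [
    "http[:]//zoominceinvite[.]s3[.]amazonaws[.]com/invitezoom08[.]html",
    "https[:]//zoommeetinactivation[.]web[.]app/",
    "http[:]//abccoronavirus[.]online/",
    "http[:]//covid19-veklury[.]top/",
]


def refang(ioc: str) -> str:
    """Reverse common defanging: [.] -> ., [:] -> :, hxxp -> http."""
    ioc = ioc.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", ioc, flags=re.IGNORECASE)


def ioc_hosts(urls):
    """Lower-cased hostname of each refanged URL (paths are ignored)."""
    return {urlsplit(refang(u)).hostname.lower() for u in urls}


# Constructed sample log: "<epoch> <client> <status> <method> <target>".
SAMPLE_LOG = """\
1622160001.123 10.0.0.15 TCP_MISS/200 GET http://zoominceinvite.s3.amazonaws.com/invitezoom08.html
1622160002.456 10.0.0.22 TCP_MISS/200 GET https://example.org/news
1622160003.789 10.0.0.31 TCP_TUNNEL/200 CONNECT 185.253.212.22:443
1622160004.000 10.0.0.15 TCP_MISS/200 GET http://COVID19-VEKLURY.top/download
"""


def scan_log(log_text, ips=DEFANGED_IPS, urls=DEFANGED_URLS):
    """Return (client, matched_host) for every line whose target hits an IOC."""
    ip_set = {refang(ip) for ip in ips}
    host_set = ioc_hosts(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed or truncated line; skip rather than guess
        client, target = parts[1], parts[4]
        # CONNECT targets are "host:port" with no scheme; urlsplit needs "//".
        if "://" not in target:
            target = "//" + target
        host = (urlsplit(target).hostname or "").lower()
        if host in ip_set or host in host_set:
            hits.append((client, host))
    return hits


if __name__ == "__main__":
    for client, host in scan_log(SAMPLE_LOG):
        print(f"IOC hit: client {client} contacted {host}")
```

The example flags two clients: 10.0.0.15 (twice, for the S3-hosted Zoom lure and the Veklury domain, the second despite mixed case in the log) and 10.0.0.31 for a CONNECT to one of the listed IPs. Before alerting on the full list, review each entry as the code's comment does: an IOC list that includes shared or legitimate hosts will generate noise unless those entries are scoped to a path or removed.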
Remediation
- Ensure that the latest patches are installed and that anti-virus software is correctly configured.
- Create whitelists of approved senders, domains, and applications.
- Exercise healthy internet habits; for instance, be cautious when opening attachments and links.
- Double-check the security certificate, URL, and signatures of each website before entering sensitive information.