
Rewterz Threat Advisory – TA505 Targeting Financial Sector

December 7, 2021

Severity

High

Analysis Summary

Threat actor TA505 has been observed targeting the financial sector with the MirrorBlast backdoor. The malware is delivered by phishing email containing a malicious link and a weaponized Excel document. Detection rates are very low because the Excel files carry only a lightweight macro, which makes the malware harder to catch with signature-based controls. The campaign made early inroads in September, initially targeting the South American region before expanding to other continents. Recent activity suggests that targeting has shifted to North America, with a focus on the financial sector there.

Impact

  • Information theft
  • Exposure of sensitive data
  • Financial loss

Indicators of Compromise

IP

  • 45[.]142[.]213[.]139
  • 195[.]123[.]246[.]14
  • 45[.]129[.]137[.]237
  • 78[.]128[.]112[.]139
  • 145[.]239[.]85[.]6

MD5

  • 8e5876fb74f584c2abeff76e3fae9a60
  • 551be7024b92c5df38fb118aa9cceba3
  • b802a50513e73b47fe1831724a783413

SHA-256

  • e58b80e4738dc03f5aa82d3a40a6d2ace0d7c7cfd651f1dd10df76d43d8c0eb3
  • d98bdf3508763fe0df177ef696f5bf8de7ff7c7dc68bb04a14a95ec28528c3f9
  • 5a65bee42bd45b04f64ea02bcf30d266a500de7c8ad4851221a0a24a2de88e11

SHA-1

  • b4a9abcaaadd80f0584c79939e79f07cbdd49657
  • 00b5ebe5e747a842dec9b3f14f4751452628f1fe
  • 22f8704b74ce493c01e61ef31a9e177185852437

Remediation

  • Block all threat indicators listed above at your respective controls (firewall, proxy, mail gateway, EDR).
  • Search for the IOCs in your environment (proxy and DNS logs, endpoint file hashes).
  • Always be suspicious of emails sent by unknown senders.
  • Never click on links or open attachments sent by unknown senders.
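The two technical remediation steps above (block the indicators, search for them) are shown below as a worked example added for this advisory; it is not Rewterz tooling. It takes the defanged IPs and hashes exactly as published above, refangs the IPs, matches them against proxy log lines (the sample lines are constructed for illustration), hashes files on disk for the MD5/SHA-1/SHA-256 list, and emits a simple host-firewall block list. The `iptables` rule shape is an assumption about the reader's control; adapt it to whatever perimeter device you actually use.

```python
import hashlib
import re
from pathlib import Path

# Indicators as published in the advisory above (IPs defanged with [.]).
DEFANGED_IPS = [
    "45[.]142[.]213[.]139",
    "195[.]123[.]246[.]14",
    "45[.]129[.]137[.]237",
    "78[.]128[.]112[.]139",
    "145[.]239[.]85[.]6",
]
HASHES = {
    # MD5
    "8e5876fb74f584c2abeff76e3fae9a60",
    "551be7024b92c5df38fb118aa9cceba3",
    "b802a50513e73b47fe1831724a783413",
    # SHA-1
    "b4a9abcaaadd80f0584c79939e79f07cbdd49657",
    "00b5ebe5e747a842dec9b3f14f4751452628f1fe",
    "22f8704b74ce493c01e61ef31a9e177185852437",
    # SHA-256
    "e58b80e4738dc03f5aa82d3a40a6d2ace0d7c7cfd651f1dd10df76d43d8c0eb3",
    "d98bdf3508763fe0df177ef696f5bf8de7ff7c7dc68bb04a14a95ec28528c3f9",
    "5a65bee42bd45b04f64ea02bcf30d266a500de7c8ad4851221a0a24a2de88e11",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('45[.]142[.]213[.]139', 'hxxp://') back into its live form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


IOC_IPS = {refang(ip) for ip in DEFANGED_IPS}

# Whole IPv4 addresses only, so 45.142.213.13 does not match 45.142.213.139.
_IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def find_ioc_ips(log_lines):
    """Return (line_number, ip) for every log line that contains an advisory IP."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        for ip in _IPV4_RE.findall(line):
            if ip in IOC_IPS:
                hits.append((n, ip))
    return hits


def hashes_of_bytes(data: bytes):
    """MD5, SHA-1 and SHA-256 hex digests of a byte string (the three algorithms the advisory lists)."""
    return {hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest(), hashlib.sha256(data).hexdigest()}


def hash_matches(digest: str) -> bool:
    """True if a digest of any of the three algorithms, in any case, is in the advisory list."""
    return digest.strip().lower() in HASHES


def find_ioc_files(root: Path):
    """Walk root and return the files whose MD5/SHA-1/SHA-256 matches an advisory hash."""
    matches = []
    for p in root.rglob("*"):
        if p.is_file() and hashes_of_bytes(p.read_bytes()) & HASHES:
            matches.append(p)
    return matches


def blocklist_rules():
    """Host-firewall drop rules for the advisory IPs (iptables syntax assumed; adapt to your control)."""
    return [f"iptables -A OUTPUT -d {ip} -j DROP" for ip in sorted(IOC_IPS)]


# Constructed sample proxy log; line 2 is a near-miss prefix that must NOT match.
SAMPLE_PROXY_LOG = [
    "2021-12-06T09:14:02Z user1 GET http://45.142.213.139/abc 200",
    "2021-12-06T09:15:11Z user2 GET http://45.142.213.13/ok 200",
    "2021-12-06T09:16:40Z user3 CONNECT 145.239.85.6:443 200",
]

if __name__ == "__main__":
    for n, ip in find_ioc_ips(SAMPLE_PROXY_LOG):
        print(f"IOC hit on line {n}: {ip}")
    for rule in blocklist_rules():
        print(rule)
    for path in find_ioc_files(Path(".")):
        print(f"IOC file: {path}")
```

The word-boundary lookarounds in `_IPV4_RE` matter: a naive substring search for `45.142.213.13` would also fire on the advisory address and, worse, a plain `in` check against the advisory address would miss nothing but would fire on any longer address that merely starts with it.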
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.