Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Active Exploitation of 4 Zero-Days in Microsoft Exchange Servers – Additional IoCs
March 8, 2021Rewterz Threat Advisory – CVE-2021-27365 – Linux Kernel information disclosure
March 9, 2021
Severity
Medium
Analysis Summary
Two newly discovered forms of ransomware – AlumniLocker and Humble – have been detected. These ransomware have very different traits and both attempt to extort a bitcoin ransom in different ways. The ransomware is delivered to victims via a malicious PDF attachment claiming to be an invoice that is distributed in phishing emails. The PDF contains a link that will extract a ZIP archive that runs a PowerShell script to drop the payload and execute the ransomware.
Like an increasing number of ransomware campaigns, the attackers behind AlumniLocker threaten to publish data stolen from the network of their victim if they’re not paid within 48 hours – although given the ransom demand is so large, victims may decide it’s too much to pay. Humble is unusual for ransomware in that it is compiled with an executable wrapper (Bat2Exe) in batch file. What’s also strange is that it uses Discord – a voice, text and video communications service popular among gamers – to send reports back to its author.
Impact
- Data Exfiltration
- Information Disclosure
- Financial Loss
- Confidentiality Breach
Indicators of Compromise
Domain Name
- femto[.]pw
- boot[.]win32[.]killmbr[.]ad
- root[.]win32[.]killmbr[.]ad
- www[.]minpic[.]de
MD5
- c6fde70f07d7879e028290e0d726fd35
- 45af7c4ed9f584df589f34738f74f145
- 1f02cb745dc400e8f29589b5a50e91a8
- a4ab820409b4a2dc28f7c8d431a1f902
- 015bb16ddcbf8a6326ec859020466c05
- 8e5a7171f1be0254dad65bfd78646f34
- eb154d544f8cb7aeac7700100bfe7c1a
SHA-256
- 10c252d04e0eb8a91688919a57f27193f0567cf45c8cafdd27577314bf7db704
- 57fafcf93acfc6c45a05ef60207226e21e83f538f2e6ea8077f67c907cdce729
- 5f42b161717463991122f88dd7dba95a26bdd3d8c9ed21c316ba7a51e7270f66
- 6be8927f5d508259c8100d363b42215d7c90845b1c6716a71414a6abbd0df230
- c1eb88cc7f7b43de1ef71fae416c729483d71fa930314c36dfb03b01b8455d31
- dd10602b2500fac1f816c54d698c55ebe6a9e208b909bdafc074ccdb2d82a725
- dd61a8b804059891d5f25b39c1dcd5e880088e217ba30aa80ba2c9dbd35d060d
- e97c6e05b1a3d287151638ffe86229597b188f9aa6d34db255f08dbc11dbfbd8
SHA1
- 3d0e9b1ccce6ecc7d946cbbb237b89c10dadf225
- 46f65a6742bccca94098c09f27cc983d12c62c26
- 2e8d8629352682d37479c6d0e87b9f8ec1a0819f
- f040239f22c2d4bfa97d53eb4a73e98d0105eb6c
- f0ff1059e64175c8bf3f557cf1b0f49ed105d7d4
- 7a207db4d2a447a3c547fda5f34d3f6efda5dcf9
- 5bc2d79943de6b47768db926704e21e88cb95aa2
URL
- https[:]//femto[.]pw/7unw
- https[:]//femto[.]pw/cyp5
- https[:]//www[.]minpic[.]de/k/bgk5/fsqz7
- https[:]//www[.]minpic[.]de/k/bgk6/17lim/
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached in untrusted emails.
- Do not open files unintentionally downloaded from untrusted sources.