• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – A New Raspberry Robin Malware – Active IOCs
May 10, 2022
Rewterz Threat Advisory – CVE-2022-1652 – Linux Kernel Vulnerability
May 11, 2022

Rewterz Threat Alert – APT MustangPanda – Active IOCs

May 10, 2022

Severity

High

Analysis Summary

Researchers have identified recent Mustang Panda activity that involves the use of DLL side-loading to deliver PlugX. The initial infection vector is an executable downloaded from a remote URL. The executable is responsible for installing the malware by dropping the required files (a DLL loader, a legitimate binary, and the PlugX payload) onto the system. The legitimate binary is the Adobe CEF Helper and is vulnerable to DLL side-loading. When the installer runs the legitimate binary, the dropped DLL is loaded. This DLL is the loader for the final payload. First, it reads a hardcoded .dat file that contains the XOR key for decrypting the final payload, then it performs the decryption and loads the malware into memory. Once running in memory, the PlugX payload is able to decrypt its configuration data, which includes its installation location, the XOR key for C2 communication, and any C2 addresses and ports

Impact

  • Information Theft
  • Exposure of Sensitive Data

Indicators of Compromise

IP

  • 101[.]36[.]125[.]203
  • 103[.]159[.]132[.]70
  • 103[.]200[.]97[.]150
  • 103[.]75[.]190[.]50
  • 103[.]91[.]64[.]134
  • 107[.]178[.]71[.]211
  • 155[.]94[.]200[.]209
  • 185[.]239[.]226[.]17
  • 18[.]138[.]107[.]235
  • 45[.]248[.]87[.]162
  • 45[.]43[.]50[.]197
  • 5[.]206[.]224[.]167
  • 61[.]38[.]252[.]166
  • 92[.]118[.]188[.]78
  • 95[.]217[.]1[.]81

MD5

  • 56f27cd9e8556e9c61fb60e6041e8c9d
  • b0a7b7a1cb4bf9a1de7f4b1af46ed956
  • f2ba9bdc31a95d249679f685dfd2a39f
  • 84545b406b428a0028c6cb25dd85bf2d
  • 7b2f41b57b9ab4151eb37ed69db9fdf8
  • 25a14e50486c738bc92da69c02063e23
  • 4b07e341a2bf00479dda19b18ca41362
  • 69ab42012ddce428c73940dcf343910e
  • ad3ddb4cbe7ece8cb723f63f3b855b85
  • ae358c1915e794671a1d710d9359146d
  • 6459baafa8ad9d4bd6b360d3a423f921
  • a84958c32cd9884a052be62bdbe929cf
  • fa063454e3bda1433bdd2725dfac4487
  • 2102d225508c1f8f488a3f1574a34759
  • c7c9fee23de57ff885932849a237e6d5
  • 530ed2cbfc57b9e6ae6c3fb3a1ecde9e
  • 8a7e2c7d4be6f17a851bc6b3d10d0d45
  • 66ee022fb975899281885d0e5af55fbe
  • fd7f4d575fd26bfd74c69ba1392368aa
  • 50c750ddd7f79627f27e48a7dbafeec2
  • 84d1d97d298fcbe237a6270b10e6984d
  • 01d8305b91524d83ccf2c26c1b3b7f1f
  • f31d40ea1e73c82fcbfee606fb52169e
  • d404e3cd5f1c6a50f10f56f5c5b9c1e3
  • 3c6173d8693510f6363b608c09feebb1
  • 385a4ca1da76ca4cbbbed6e0ef659f1a
  • 66ee022fb975899281885d0e5af55fbe
  • 257813d292c494797a957f0992ba1405
  • c5f4da8c703696e2fc034cbcc3da6336
  • 706e0f37a49e013b9fc73a5c05fc861a
  • c70d8dce46b4551133ecc58aed84bf0e
  • c43de22826a424b2d24cf1b4b694ce07
  • 43529e54971a2302ae736c40f39d65df
  • e21e8f398c6d61ae8335664b1ad0444f
  • 2d79767e4f6118afb9e86351be178b6d
  • fc9e85df9fcbaf261117e94d0132369e
  • 67e017eb7658e390534abc6f55e6af49
  • 3c99e3522923b6ec94093e04b7e13fa5
  • 50b3fb6a2cf209d4bcbea0546e82f58f
  • 3c7469e92990c6a879fad4e1e7fde5d2
  • 3b63e3ab2b668abb7eba8f84602df48a
  • 6cda632104ed1cfb1d03e2bbdb3e443c
  • 84aef9e9285aff8d1551b0ee6f317292
  • 34161eea2f66156969291d6ec53717c8
  • 27daaa3f672d6c584dab4bed2cfda8e4
  • 1072897b03d0566af54edb0f3826b834
  • 6be83a1652c6b3dfb8663aebec3515c7
  • 41aa7cdd6c9ed2ac0932d8084c89f28f
  • a5660a4a5314f45f67d36d04a37e3571
  • ac1c480ca73e1122893995fad3f7f469
  • e7904b4253f0b45fbe94a38b3946a621
  • 81bebcb517930bef9ea182431719c132
  • 6cda632104ed1cfb1d03e2bbdb3e443c
  • ba9565a7faad19b2f6e80a75877fe938
  • 91440c1865391355b56dd7cc3edf89e8
  • 89631ca603d9943c110fcf2c7fba0f6f
  • 44739c501fcd8b9c0eb5b7f74fff9a00
  • 35b69a125081c5efc6960af0f9b22948
  • 3f4e55daf8722d0656b3f7b9bdd4c22d
  • b2a22ff19524a849dec35dc75124be91
  • fec055d1adf03781e3e1427dccdb94b9
  • 80f4ee699f480a6a0c47866d79ea3f4a
  • 363f07437cfa756ba2bcaa59e9da9416
  • bb1506cc3c26b3ee120fc7fd388a8a58
  • b502b41727f1e54b8475f9947777dbe7
  • d3ee0db7e36a88b4b446a5baae8eddf9
  • a5e391d64d5771c1150bbafaa4fba173
  • cc197ffd0972660b71d0f1ca86532119
  • e87769ace15726fdd508c56f7cb04fcd
  • 4d8dcb1f33180c55e42d0d682a6596b3
  • c70d8dce46b4551133ecc58aed84bf0e
  • 8568bae4c4bbd7f969ba3f1514a26c82
  • e123c2f0822ec9e459f3ba16793c14a7
  • 697d783f4dfb937c82250fac4efed274
  • 6ca3439153577503fd71f7039a0045ab
  • b8a78e4e76673b68e94f5312d7e3900d
  • 37f19e06e38b2a8ad9d65a6575ad3413
  • befa31048a67e9bf37afa92c97f6fbe3
  • 8b941c0b80312c1c630b9c0062d86e30
  • e9101cee85038bb0f306ef83bc36523c
  • 4efd3d2f09f17dae19f1d5b967ec9949
  • 332a4f864b1f7b1e166edb5d9b47e119
  • 7f0079d2ef1fca0b4bf0789aad3d2b04
  • 8b68dc5dbb99af7de3312771e828b6c8
  • 37d1df5648c2e499b23b4228743f0318
  • 34085fa3adebf09faac315540db16cb4
  • 4a9b98832ba5c2b74f80dadd16b8a079
  • be8927e1d6ce992982976cc5f3dcbb92
  • 13e51c336fe50f8cbc80a7fe06a3e788
  • 5959d00e2d7b57e1e5885750c0900946
  • 1d281c5353d1b12afb9c4a4ae61e5675
  • 377956881a132dbb70c6f0dcf07b7d47
  • 866ad225f9c997a68aa916ae9c8290f3
  • 1d281c5353d1b12afb9c4a4ae61e5675
  • 0ed497a020ba9ca230e378f339b82f07
  • 030265a85b5c84a2263e9aae8562b86a
  • eeb2121925451ecb3eb5d79f18ca17cb
  • e0977e26e7b850e20fd94fefc79af65f
  • 10d0b2b4fd787d43ae20244788d38e8c
  • d9172a525c8f4a7932559c2ea13ac002
  • fcd6691fc59610a50740a170a8a5a76f
  • e7d91f187ff9037d52458e2085929409
  • 793d0e610ecac2da4a8b07ff2ff306ac
  • 72dd4b3337e0c9a70cf772e2b21f87b9
  • 6f580dc7648e7f9c025317f5ad096f3f

SHA-256

  • bee9c438aced1fb1ca7402ef8665ebe42cab6f5167204933eaa07b11d44641bb
  • dbdbc7ede98fa17c36ea8f0516cc50b138fbe63af659feb69990cc88bf7df0ad
  • 18230e0cd6083387d74a01bfc9d17ee23c6b6ea925954b3d3c448c0abfc86bd2
  • 668cc21387e01b87c438e778b3a08c964869ce2c7f22c59bcde6604112d77b2e
  • 8a7fbafe9f3395272548e5aadeb1af07baeb65d7859e7a1560f580455d7b1fac
  • effd63168fc7957baf609f7492cd82579459963f80fc6fc4d261fbc68877f5a1
  • 6019e6ee3dee2ec798667ccb34a2ab8d70bf5960d35f55157a9cb535b00b243f
  • 436d5bf9eba974a6e97f6f5159456c642e53213d7e4f8c75db5275b66fedd886
  • ca622bdc2b66f0825890d36ec09e6a64e631638fd1792d792cfa02048c27c69f
  • 492fd69150d0cb6765e5201c144e26783b785242f4cf807d3425f8b8df060062
  • 2fc14451ef0ff0919995d46fedc7b7c7f9a9adbf9c40f6b36b480e637d581e6b
  • 1aafbe976c3559b61531910c75f9bb90176641f565f9810a18dcde9564241164
  • 7ded20b7d2c0428641a6ac272c15b444b37bf833bbbea09dc931d649e6dc5277
  • e1dbe58393268d7ddabd4bed0cdedf0fbba85d4c3ef1300580ed4c74e147aa61
  • 16dd94c228b5e2050d01edfe4849ca1388e9b3f811d39380f6ada3e75c69b353
  • 6fd9d745faa77a58ac84a5a1ef360c7fc1e23b32d49ca9c3554a1edc4d761885
  • 706e53480da95b17d0f9f0f5dc37a50c7abc3f954ce15b4733fd964b03910627
  • 537ac2f79db06191222ba7ae7b7843f063600f87971b8dffc4a31459d6a144b1
  • 3aa80dd8ffbc7b364234cdf0849b10bcead52004fc803a74afb1bd504d024305
  • aa8fb15d63bd22b2ff15a9f1b4f4422b3c6af026915168c81d7bb38c9be2ab78
  • 567fb0e6e6667ce1674cbdfd0ab26a8a3f68979256ef6680facf1d2d50a25dba
  • 1b520e4dea36830a94a0c4ff92568ff8a9f2fbe70a7cedc79e01cea5ba0145b0
  • 4c727e21312355cd9a9f0e1e0bb8fc3379f487968a832d00ffde9d5a04b8da9d
  • 017ef960616182daa1ffabc5d5470340cc45bbd5ab3455d74987a3ae478fa118
  • 5851043b2c040fb3dce45c23fb9f3e8aefff48e0438dec7141999062d46c592d
  • e2aff9d2f5e75bdc09712722d919f2261f638b0b4da878e405b86b927dcaf1e3
  • 537ac2f79db06191222ba7ae7b7843f063600f87971b8dffc4a31459d6a144b1
  • ec32ff0c049bd8812a35aeaaaae1f66eaf0ce8aefce535d142862ae89435c2e2
  • 930b7a798e3279b7460e30ce2f3a2deccbc252f3ca213cb022f5b7e6a25a0867
  • 6a5b0cfdaf402e94f892f66a0f53e347d427be4105ab22c1a9f259238c272b60
  • 0459e62c5444896d5be404c559c834ba455fa5cae1689c70fc8c61bc15468681
  • e3e3c28f7a96906e6c30f56e8e6b013e42b5113967d6fb054c32885501dfd1b7
  • 235752f22f1a21e18e0833fc26e1cdb4834a56ee53ec7acb8a402129329c0cdd
  • afa06df5a2c33dc0bdf80bbe09dade421b3e8b5990a56246e0d7053d5668d917
  • fc8b2392b92860c7ca669d5274b65498ebd9c3992149cf6727d935c9d0fb48bb
  • c73c644aa671d76918b56f2ce0124a09156a521e293091b68e2763d2ed386e8f
  • 98f139983882e443116863f795c1df50dae5ceb971075914dfee264dc1502a09
  • 39f9157e24fa47c400d4047c1f6d9b4dbfd067288cfe5f5c0cc2e8449548a6e8
  • e4766d7e0c13f42cf1ce56efa07cee57889526f398efaae948ce487410d105f6
  • cab5fa13c8239e97c15b04b27f9b70fb8b561d31935af7b0680bb80aec12c813
  • aec41c4f461cd08efe1390c8de513e54f766a5903c3c1f67ac4a9c93a3213c6b
  • 71d09abda31f0d7c7161cf6f371305023594bb3ef146aa9fbeab1f717885dd58
  • 8a6da7e23267cadb1b8ec3996d662cbc71342f308ca6b65f545ce78612dfc9a7
  • 86678ad613b4d05a8ad3013323875daa91c69b64411603187dd2bcc595d97a8e
  • 033786a482641aa901a28a3e3c314dbe86723906cea15147629167d8364907f7
  • 0492124645a667b1ca39002aff4b696871f12f7f21ab0a75816aaeb53ed2f78b
  • ce86d647df2da33c5992c790ddc0d302b56af8a0d7b1433639c235ff03bf09ad
  • cf7803d1546aab172d17345212cc4de9c2d98a9817c8f9c3770e64744e15e261
  • 1d3e2eeaec0707e531593aa9aadaee0ee7757b67de43eae924fad122e86f60a0
  • aa9a8f143cf61118c96a3bf226c77a05072ccbef15e990c65e0a118eccbb47e6
  • 1e629fe7c8911a9adbde2e35af4f6f9e60ee538638c82edbcbd7cce5ad2ff4ab
  • 36afa5b3133667f2577687b3e83d7f6c009dd65864c20a408d860b3c6678df2a
  • 71d09abda31f0d7c7161cf6f371305023594bb3ef146aa9fbeab1f717885dd58
  • 3407c5d054491ecf28ea10ec24e30e75915ba6fd3b2656955e94a89b67e0567e
  • 67d6267e0ee81e00f97b25a892d10bd9eeb68179eb7e1b9236fcb01ec3f50beb
  • e92e49b7af397f6f41a225b8778c6812f78c87f4388f527e6efda0dbe2b49251
  • 2fd6e2ae0e4d78eef9d36376ac39768ec14e3bf8fe39c3ef6a347511b2cd55b1
  • a1a61052eac5fbe98f28ed6b3ed38a66d333aed3f14326bcd42d0fddcc18c519
  • a3e5473eb60e8dba6b97e626288b6742e141fa8a393ec7efeb7993449f84b14f
  • ec60594018da8717fa6b8d93fb919f08e7a8b07401fbce1abe7982c959f78424
  • b9adc1433ef7c6fee4d36f73b79744ad611d51a8e039d4c384dd453e33452d0f
  • 9b7615b4c2c6ebdd283afb1dae4d951b7ef928939b98ffbe7dea49cc5c5eee02
  • 951b09c559fdc1c447f3dc63870b5244c2b715d728e1318a62db64bc17dcb85d
  • 4743ccff0b5dbc34027165e177143018b9ee9e3232496ca5d4fa5cd56b5646f6
  • 302ae30d464d6958510dcc463e3c3d8339e38bf6ff84de6cd84866303d34c8a5
  • 4d01691573542e1676fc09102ac3120d0eec37b6791f32ec103eb0d0ee2581c1
  • f863dab6504fa3c4c9f7534d264d13db95ea96679689cb7e5d0460eed8f59a37
  • 61a194cd413614e5ac91d648a87ff6b7e78d2130f54eff8a05c4c9608a7ac3aa
  • 2bce6eb2839569ba077e24468259aa2678677275c632a0d276dcb14566cc6fcf
  • 150525f4490f43877f1281aaaccc9bce78452d556326105fb77db6156095c883
  • 0459e62c5444896d5be404c559c834ba455fa5cae1689c70fc8c61bc15468681
  • 24437d65bee4874fba99a2d57bf050ba719a69518160cebafbd8f7441368093a
  • d1f848a8477f171430b339acc4d0113660907705d85fa8ea4fbd9bf4ae20a116
  • acfd58369c0a7dbc866ad4ca9cb0fe69d017587af88297f1eaf62a9a8b1b74b4
  • 5928048ed1d76df1ae4f3ede0e3da0b0006734f712a78036e6f4b6a78c05f0c6
  • a81719f585a9f40e4304c6ceb2292826676c2d3f7342e88b21f41139743436aa
  • 02ec5c7a7ab17540164b4b499fa095e80113123b3ccba6dda59b5f7021b93e6b
  • c3d113bfc14a7148419d506e9bd8d44d897f3c71f8d81a63e3b2f4d843ad1c4c
  • 1d72fdb8257a6ec78367f2512ceb18be480860320986845943776959cb4d3dd0
  • 8f07bd408838182a0328ea44156ad47dd5b6ccdcfbd53209717d555ed69adedc
  • 03c5f4cd4a0889f436cd1ac2634b2c76732ce7f280e294ab3a19e8c1e957f101
  • f76f1657205d7042fccfc811077bbada92c0fef735f158da35e7825da1cc6bec
  • 92f1e5424d53e3f4516d4c831afe3d64e88ed265ec143fb32717f2323836d61b
  • 0b949d6e2078771ed65ce1b81ae9b5619d24317846a4e67bb9494975049bf728
  • 377d65bdbf2b323ef9b497b1d3e2f93521a9ce57d4f2d6c296b048ee1390173e
  • 962bf22710ff07977e3ddad66117094a2cf1c0aefca3d7ed4ba947c62ee36491
  • bb2990a1bbc417cfec40d5f1a6a8b22cac0ef21aed869dd8503e28573cf84401
  • c26719156e644cee5e95133d31b30b80147494313e665d4243954435511f5c11
  • a6057292247d928e6adcda5a48983d8702372ce195fc50ea4496f67c6ca57e26
  • ce59d8cf4b6eca3420438e05b059d6f61cc484e6fb00b1b2a7033bf36446e683
  • 508d6dd6c45027e3cda3d93364980f32ffc34c684a424c769954d741cf0d40d0
  • e0fc2cf31a0fd7f4bfa1ba453fd8f272784330de2ecba80104455252a931789b
  • 2aeef18abf22b233de5515a95cdca5aa3cbc6c21e8d2f83a68214e7272f9d947
  • 508d6dd6c45027e3cda3d93364980f32ffc34c684a424c769954d741cf0d40d0
  • f80d84a3f951a1b62d92a5a2799b149ed0aaca292364f101c1273f135c811565
  • 887345540f1bf31c40755edcda2e3dd9fe640122fc9020f3873c895daa2378bf
  • 4f29180005f3c2e776d1854722270287111ec073ab80dfc1b4dc1bc0d9337ddf
  • eef56bfc68959c6eaa66ab6abcaaf8fb54aa5b5a7da0866d97a1effeae0952b8
  • a265e0db5fe311dac60171e27011087bd64b467eb442986f343fe07410e8bf46
  • d7590ee95a46bc1ca7973a8f09efe23a5b00e54d6e65b95cb16acd17a0f127e8
  • ef3966d15af3665ee5126df394cefdf6f78fce77db7a70d5f35c19c234715035
  • ef54e266f8fc9eb97d71c76f2a53b65bef83fe5fc270fbfe83463f83678ff44c
  • df84d6c284dd39c2bfed6f8eb26149a4154396c27de50595ed5d80b428930dcd
  • ff1dcab09f24a4c314af3ee829f80127e5b54f5be2a13e812617f77d0deeef57
  • 5009f65e7a8d84a9955d5adbdb86107b15304b1061bdaba5dd2ac2293dd8e6cb

SHA-1

  • 04356f101a5f53f0eff7b1a6b24d1463074f142a
  • 937975e3ea50c15476aef050295f4031f5fda2a4
  • c71300967110b899eabf81fe96bf5fd927a10564
  • 4dcb1eb86caaf9fe5bbd8f729679435f1f14adc6
  • 2f46a7ed5d7a303c0f25d5e4a18bcbf01ce9af26
  • 22d80be7d7916763648a98a0afdb7c0c7e42b3d9
  • 70f066c77a080d0003fb3047a9e3731828d3b164
  • 698d1ade6defa07fb4e4c12a19ca309957fb9c40
  • 6856bb506a0858cc5597666d966b5b7499e38542
  • cacc3eb2f415852f57579a69662744f75438e891
  • db999a5ecf4e1c87fae10983f6d23b26069cbba1
  • 7b90dcdf6ea88b1efa1cee36a0b1ab71e34c8d1d
  • e4805324ebfb97f3004847de306bf4fd567ed2a3
  • 68af654d9c6bf1d671531d81f0f78a6a75960040
  • c0bf51550f050e099328b3e228adf16483e30e53
  • 6f20d6d12e793d69126359352ce34c09d4692f85
  • 7fb634831f57c518707b697720f759ce9ae5c7a3
  • 54fc5d132a50dc86fda117fee90b088c6dd9d361
  • acfd2f5c8efea720cbc40c9da215a733f777037f
  • 52ddd7483eeb8b096457178a7f9f2136af33e604
  • f586995978e3250d9fa7fd05c89732bfde1a383f
  • c13d0d669365dfaff9c472e615a611e058ebf596
  • 630a2cd81e605cf418811a8fe12c4bc9ce377656
  • 62bc9524f2c773c0dd486f48f584b309e04f16e0
  • 477a1ce31353e8c26a8f4e02c1d378295b302c9e
  • f37c1a1d11fd5a90dc3a30edd752eb67f9917f01
  • 54fc5d132a50dc86fda117fee90b088c6dd9d361
  • eb376b77cb6e2a6d89e3cc7368867c12bcc3317a
  • 13ea93c06e3cb65ab7c5603de713d862a4956404
  • 74d918acc5838177614cf63f2e327bd2d8fa0cc5
  • 00626346632fdfb2a1d5831793e92a3601ec4d9f
  • 6d8e50c567f80372a6f82f1ae2fc2c1177c56d45
  • b8c40fcec38711a1c0cd663b87c175f7509201ff
  • 94988d605982dc2f10e422505eed6e38fb7093f4
  • 74b269cdf488b09d06ac6b6e8c9c8e75254d642e
  • 35092d156e12d4c500ee999d913c1380a41b3908
  • 92b74d3eeffaad370c9c6f36501fb6cd140c3b12
  • 2cf4bafe062d38faf4772a7d1067b80339c2ce82
  • 50e141b03bcd5b1f6d5d1d3956c42e188782c8dc
  • 9d2dc6be9d580f4acb61d3d28239b601ca332a89
  • 39f65f635a8572e8a4061a5df72c5425da517dfd
  • c046fba176f44d91c43a920ed35ac96470ecb67d
  • e23284f42db9d6e4cc259b359612b22e8e3cad87
  • 7276989a740ea1d82bb94fb6d4d3ed921fa1177a
  • f757e49d4126098b554af41630cf8932b57ecd1b
  • 04063c50d1400f2bd62833d33c3f567c3b796660
  • b72bedc3183fcb8dcdbfceb93065e253e5921a63
  • b66f0f8f41722945814fae50ca17a7a19e227626
  • f66dbfdb6d38a819443bb924a793544698fd8b03
  • c63b333fa20eedce6d5757d58f54ff1ca1cc80d9
  • d27f2f75d222c6a85c8a88d76bd9a25aea076b82
  • d484b8311307a75eaf413e9b3911b0aacef6d27c
  • c046fba176f44d91c43a920ed35ac96470ecb67d
  • caf631b79f2078f73ee494adecf33d0df7ba9dad
  • 94f3cfffb2697397b9032f449a8db61747083d11
  • c413fb3d6d69a5f4405c8c97e1af1955716e9623
  • 21fdb5107d0a38bd4cb8fb7714a2cad913bac7e1
  • 56e43c278aa0398e8933a91f41849fbf97453e5b
  • caff9e675dbf337badfdbd543d97c68cbf959610
  • b7f53ea5784e1e699d22b353d5ebb72c5f757e17
  • 077ed17c4757d08db2921b9ba030d2636ca5f130
  • d22427829001ad66105a3fda8f97cb200f169896
  • d4ec2dd90e1f2415f3dfe62d0a6627602c6ffee8
  • 74e6171938b75dfd268e2c25ab51850d7d34f7b0
  • 73d730a37699fac734e7a6da508283212ec10016
  • 8c0addc6b1761586b4d8830beb550c7aeb5e186b
  • 62063e502a6a96994e46408bb6a04e5b86c18055
  • 412411c2ab000f61dfcbdc2cf8d2a00c0e631c0c
  • 7e1fc00aece9b3d3df4fd44a6fec5fb77058abed
  • 6af2ade9c744b4689e411536df07040f7f2722ba
  • 00626346632fdfb2a1d5831793e92a3601ec4d9f
  • c53aa6676f2a4e4f0c372b902dad5aa27c4ef859
  • ee57cab4bc7065dc8257be0f28c6ed465d5ce3b6
  • 3c78af6efbe0f15b4ff55077152ba5e3675a4ff0
  • 55e57c6bc9f9db1556b6527f60d86edb603c2325
  • c2533664ffcd4e25ed68a303fcaa3f25b39be848
  • f4e1de4575a687932029ee4875b59a8a83385a27
  • 8bc1aeda5d3d3b8e88920fee1f99360da1df038d
  • bcc654fecbb77f643c3616b679075c08bbc6f780
  • 4a6edb973747bce4512f635a076cb47b1b934a83
  • b8cd43f605eab84838ed36943752c4ffc167f647
  • fa9ede75fc19abe4b4fc46d37e234926af8744b6
  • 78bb2c6b9a2ca3d79bfd4f313759385705b00922
  • cf452a470bf3b6654d46e098d13538fe3c547224
  • 3526c49ca637ca2130699590e7bfd22b98c08673
  • d10f139d4a0e4591968bd8518dd152debaf15638
  • 610f6ca6aa436fd0329d22a639ee2b4ad4ebe484
  • 8a680e220a007d875e82a25c6aead202935415de
  • 5e294219b54bec8933c1d765ed5884b7b174ca35
  • 3f69df382de737a7dee988f98ea35d0b44dc48eb
  • cd7f8684f6bfabbf733b724e00f5c8782613663c
  • 0b83391363bc2c6fb261781423a9a611a5af0764
  • 95c32bf141584db152fb7fc178a0877f70a838a6
  • cd7f8684f6bfabbf733b724e00f5c8782613663c
  • b91ae855e9db2b1129eb3a0380fe86a49e04320c
  • 41a28ee8546ffbe33f92b9589c05d09da10318b5
  • 682488c3fad02a93c2d0614f2b33eebe34c632b4
  • 4a3749c33d235715a84ec4964e1d69d758645a82
  • e92b86b55fbb1e3533e640c6dfa958603c68d14d
  • c9f926a2eb5a0ba36d82556ccf820b6838b3108c
  • 396c9bf470fed61ed771561346b60678a6958fce
  • 6020bde7924e6e7933b2b4fc573e6e8f529ebc55
  • dc479c9002ba733165171f2179d7beadbc64b305
  • 13dd0945827cb1f5f8b929633f911eaa563577d3
  • a81f8f77d9a2681f1ad2290eb9ae85dd971af0be

URL

  • http[:]//103[.]107[.]104[.]19/2022/eu[.]docx
  • http[:]//103[.]107[.]104[.]19/DocConvDll[.]dll
  • http[:]//103[.]107[.]104[.]19/FontEDL[.]exe
  • http[:]//103[.]107[.]104[.]19/FontLog[.]dat
  • http[:]//103[.]85[.]24[.]158/eeas[.]dat
  • http[:]//107[.]178[.]71[.]211/eu/DocConvDll[.]dll
  • http[:]//107[.]178[.]71[.]211/eu/FontEDL[.]exe
  • http[:]//107[.]178[.]71[.]211/eu/FontLog[.]dat
  • http[:]//107[.]178[.]71[.]211/eu/Report[.]pdf
  • http[:]//155[.]94[.]200[.]206/images/branding/newtap[.]css
  • http[:]//155[.]94[.]200[.]206/resources/Invitation[.]jpg
  • http[:]//155[.]94[.]200[.]209/assets/mail/fonts/v1/fonts/last[.]jpg
  • http[:]//155[.]94[.]200[.]211/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/server[.]gif
  • http[:]//155[.]94[.]200[.]211/news/live/world-europe-60830013
  • http[:]//45[.]154[.]14[.]235/2022/COVID-19%20travel%20restrictions%20EU%20reviews%20list%20of%20third%20coun
  • tries[.]doc
  • http[:]//45[.]154[.]14[.]235/2022/PotPlayer[.]dll
  • http[:]//45[.]154[.]14[.]235/2022/PotPlayer[.]exe
  • http[:]//45[.]154[.]14[.]235/2022/PotPlayerDB[.]dat
  • http[:]//45[.]154[.]14[.]235/2023/PotPlayer[.]dll
  • http[:]//45[.]154[.]14[.]235/2023/PotPlayer[.]dll
  • http[:]//45[.]154[.]14[.]235/2023/PotPlayer[.]exe
  • http[:]//45[.]154[.]14[.]235/2023/PotPlayerDB[.]dat
  • http[:]//45[.]154[.]14[.]235/mfa/Council%20conclusions%20on%20the%20European%20security%20situation[.]pdf
  • http[:]//45[.]154[.]14[.]235/PotPlayer[.]dll
  • http[:]//45[.]154[.]14[.]235/PotPlayer[.]exe
  • http[:]//45[.]154[.]14[.]235/PotPlayerDB[.]dat
  • http[:]//45[.]154[.]14[.]235/State_aid__Commission_approves_2022-2027_regional_aid_map_for_Greece[.]pdf
  • http[:]//95[.]217[.]1[.]81/maps/overlayBFPR
  • http[:]//95[.]217[.]1[.]81/maps/overlaybfpr?q=san%20diego%20ca%20zoo
  • http[:]//upespr[.]com/PotPlayer[.]exe
  • http[:]//upespr[.]com/PotPlayerDB[.]dat
  • http[:]//upespr[.]com/State_aid__Commission_approves_2022-2027_regional_aid_map_for_Greece[.]pdf
  • http[:]//www[.]zyber-i[.]com/europa/2022[.]zip
  • https[:]//45[.]154[.]14[.]235/2023/EU
  • https[:]//45[.]154[.]14[.]235/2023/PotPlayer[.]dll
  • https[:]//45[.]154[.]14[.]235/2023/PotPlayer[.]exe
  • https[:]//45[.]154[.]14[.]235/2023/PotPlayerDB[.]dat
  • https[:]//drive[.]google[.]com/uc?id=1BG0F1NdkPZOY6w2Y0YEs6nMGYLvSJiQo&export=download
  • https[:]//drive[.]google[.]com/uc?id=1ITPqIFuWOQZ08RmMUDMmzWpg69_EbLTO
  • https[:]//president-office[.]gov[.]mm/sites/default/files/font/All-in-One_Pyidaungsu_Font[.]zip
  • https[:]//www[.]president-office[.]gov[.]mm/sites/default/files/font/All-in-One_Pyidaungsu_Font[.]zip

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on links/attachments sent by unknown senders.
  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.