logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – Bandook Malware Targets Multiple Sectors

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 22, 2023
    March 22, 2023
    Rewterz Threat Alert – Mekotio Banking Trojan aka Melcoz – Active IOCs
    Severity Medium Analysis Summary Mekotio is a banking trojan that targets users in Latin America and Europe. It is primarily distributed via phishing emails and infected […]
    March 22, 2023
    March 22, 2023
    Rewterz Threat Update – Cyber Threat Intelligence Advisory – 23rd March Pakistan Day
    Analysis Summary Overview – 23rd Mar – A Big Day –  As we approach the 23rd of March, Pakistan Day, organizations and individuals should be aware […]
    March 22, 2023
    March 22, 2023
    Rewterz Threat Advisory -Multiple Jenkins Products Vulnerabilities
    Severity High Analysis Summary CVE-2023-28684 CVSS:7.1 Jenkins remote-jobs-view-plugin Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – Bandook Malware Targets Multiple Sectors

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 22, 2023
    March 22, 2023
    Rewterz Threat Alert – Mekotio Banking Trojan aka Melcoz – Active IOCs
    Severity Medium Analysis Summary Mekotio is a banking trojan that targets users in Latin America and Europe. It is primarily distributed via phishing emails and infected […]
    March 22, 2023
    March 22, 2023
    Rewterz Threat Update – Cyber Threat Intelligence Advisory – 23rd March Pakistan Day
    Analysis Summary Overview – 23rd Mar – A Big Day –  As we approach the 23rd of March, Pakistan Day, organizations and individuals should be aware […]
    March 22, 2023
    March 22, 2023
    Rewterz Threat Advisory -Multiple Jenkins Products Vulnerabilities
    Severity High Analysis Summary CVE-2023-28684 CVSS:7.1 Jenkins remote-jobs-view-plugin Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Alert – Weaponized Legitimate Open-Source Software
November 27, 2020
Rewterz
Rewterz Threat Alert – Nanocore – IoCs
November 27, 2020

Rewterz Threat Alert – Bandook Malware Targets Multiple Sectors

November 27, 2020

Severity

High

Analysis Summary

A new digitally-signed Bandook malware sample is spotted in the wild, aiming at high-value targets across multiple sectors, including government, financial, energy, food industry, healthcare, education, IT, and legal institutions. Victims have been spotted covering a diverse and large geographical area. reportedly, a cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. The infection chain is a three-stage process that begins with a lure Microsoft Word document (e.g. “Certified documents.docx”) delivered inside a ZIP file that, when opened, downloads malicious macros, which subsequently proceeds to drop and execute a second-stage PowerShell script encrypted inside the original Word document.

malware-attack-flow.jpg

Impact

  • Unauthorized Remote Access
  • Code Execution
  • Information Theft

Indicators of Compromise

Domain Name

  • pronews[.]icu
  • ntsclouds[.]com
  • vsimperial[.]com
  • mxtms[.]com
  • nopejohn[.]com
  • horizongb[.]com
  • olex[.]live
  • styleco[.]me
  • raysdoor[.]com
  • mainsrv[.]top
  • idcmht[.]com
  • vdscloud[.]net
  • ewsdocs[.]com
  • jtoolbox[.]org
  • htname[.]info
  • ercuc[.]com
  • p2020[.]xyz
  • tancredis[.]com
  • 2ndprog[.]monster
  • branchesv[.]com

Filename

  • Malaysia Shipment[.]docx
  • Jakarta Shipment[.]docx
  • malta containers[.]docx
  • Certified documents[.]docx
  • Notarized Documents[.]docx
  • bank statement[.]docx
  • passport and documents[.]docx
  • Case Draft[.]docx
  • documents scan[.]docx

Hostname

  • ec2[.]mbcde[.]net
  • s2[.]fikofiko[.]top
  • s1[.]megawoc[.]com
  • d2[.]p2020[.]club
  • d1[.]p2020[.]club
  • s2[.]megawoc[.]com
  • s3[.]megawoc[.]com
  • s1[.]fikofiko[.]top
  • s3[.]fikofiko[.]top

MD5

  • 70ff19341dee7973ea6dd8e15c6ba86f
  • 27f8d8bbbeeda5fc439ee18d9d4da343
  • f037f3961f7d9fe1eb7afa889b556cb1
  • d22b31848b6f17efc87d538dede2f2a7
  • b9b8d6f46ff3a9058ffe4b304604b4e7
  • 96f09c5c56f59c733d1a9b01fea0cfb4
  • 17fe9611ea566887b3ef42284f96de03
  • 83311c960609418d5f0a5160324ceb1d
  • 44584c8d010242fddb44afe5ce860872
  • d1600f45005aa8b8fcbb446f34f7b9f5
  • 4d7e67ed02713c789336f8804231b1ca
  • 4e9e12c98cfbc5f3aa3c1345bd063fa0
  • 045ce6679ed4086e2ded58470e24c15a
  • 7c15ee5b9a12dacaace8fb62271f12f1
  • 3f310215a70d748f9335c767e61a2ab4
  • 7ef261c151519e66ec369c63e4b1aed4
  • 0475771b8bc3efc28b1834f3add608f3
  • b5138c77983dba10c4976c411161bbf9
  • 9bcf889b14968c61df95961a161719ba
  • 07111aff7afc052a81f267ea2e83dcef
  • 07776b2dd00bcd0be1c7713c37d41120
  • 53b7bdd75776f342bf5f5395d4c46520
  • eb402e8dd2cae58476acc8e697ee7171
  • a6501c62b3a6ffa8d028a88138fe509f
  • 1a3889ded73044f8ba0a00c2f089a3bd
  • bca04d74261fedfbd191ffd5e7cf6214
  • d6e524514e0d112015c841b62377d648
  • cfea49c577ef865de659d5b8025db3f9
  • 28ad9ace11919b57bf540e2b9debf8dd
  • 6effed1b1bb5e9ed6aafacb075c1d4e2
  • 5a3f7c46748791494e29383d1f58a908
  • 573c7dbf4d3aed421bff58df770610fe
  • 54ad403349831b175a98a429f818f02a

SHA-256

  • 9a0ee2430f7c77942d544dad6787ca8a94470f6555f1cb08baa9d099c92f8447
  • 74feaf3aa116a88ef3b10453e77feadefbe4e53dd7a71dd3b8309cc9d76cdec9
  • 6af6fe3eafd4cf2c82738d45a6a95577d970f3fbbe094afd24d1d4a0bb5ad1b4
  • aa868d007c4dfd825104faafb3798b9ab745b29794a57365bef41ec3f6019eea
  • 9a19522b23acfc6705e4fac65640527a8adbbc9719dab436f28101b6cbc140c6
  • 408c11caf548048732ac21e88a54e80d47a05b9619c1c16b65fa850e0172f428
  • 766917fe9b543bf218bd824d55967d63f94b28456f1d4919bc990d8262dc608d
  • 5900abb869c61928f0ef931d6f9d8b62183b2bab9a69b0ef886551005d6c9622
  • a9a8b0aa5f137e7353db62dc1609da3c709ca30287a5605c73aafaf4968d1e8d
  • 3fda0a5da313886b0339eee65c69c779ed620b303ba079ee0864ca4a1496b0b4
  • 9de287f9af63f02c51c69d9c8480fee2bd4d4bd3c818f2ba81324b1f8ce495c0
  • 1ad83e9d06428dd87203ab8fcc6142014a9c05f3eb9afd61347834f39082d72a
  • 27c6341554a04bdc792ffbc5cda26511cbcfcc66334fb6ebbc24a14969b4e498
  • 8cb1f713761a6b31c9c25dd2c7ae11e575a634c9f052cfd598ada35a61783230
  • 1b0d2d096c5f7fff02a5a4ce623b71b862f63e306a0760722f710c425b4e16ec
  • add9f9dca97c3b6d52efe7d48ecd3d349a70411eaa3d4aeff6e6215b77f42b90
  • 2ee74ae5b202c8aab288ca167c630e9ee3569240958e984474b960cd560bbe95
  • 6287fc617ff6881169990e6b877c16d8ca3c199f7e453241a0b18a7907c67ab0
  • 306238a63896fa8b79b4c9a6d25fd906bb9e4919bc698608ab970677d15b0694
  • ea4792353e0f97968e7c69ffba81c144f22f54382af4e61a1347edd0ae15830f
  • 072c103759968253b7b25837b43eec546c625ae9c04edd52321d848cf6078b87
  • 034d8ec8d510033c387bb87cac35d240b7b8daa3b5167732118c755c5e6c1d48
  • aed7ab5d0de01c3724c917c034e26a5e9eed3f7fbf4082b024576a41725d66cf
  • d217288a046e2739159d0081608a44c2e79d41de12c57ebe88a8591693fa15d5
  • d4cf5c5c60e972cc19782d1f37ec9d47dd1e81cdf481b64dab62f96bac846bb4
  • 97ea91fb673f4994da491433751c4fca011993ba10191f09c70ca6c8d2b4f944
  • ba153e449ee926c019b548997c32d0579b9c6f350b1590a025d5d9a216ddbffd
  • ce8ad96819c814dd1735e621639a8845ae7132375879cc5b5d5f6877cb909a68
  • 40cc5933e608f7a2a5c13af1066257c9e41528bb85e434e2bc3d1f4802dec24d
  • 0750c7cdc538d79d9ffed0d37f5d9a083902b49ec02d75ee88028db9f3668b59
  • 41ccf6de0d51bd29d35be12ae24f04b2f88ec2b202b239424f90c666d25473e8
  • 66c86f29afb1152aad8e426ebb6569ad03ce7b69ea3c8a5cc40011c2a3ab973b
  • 06ed3daccfbb30c68a33583a761fc20cc3e21adb8dd64a42d922e6da2a01c0dd

SHA1

  • 816b2442c17585396b73b54fbc87be624d55276c
  • d6b69cb3689341997d93b03fbd4499fe60f29b35
  • 7e9fcbd7f31c3a4ddb3221351e8d04ecdce69474
  • a8f2b1f1a1200d25d751b5559a31c034781ea33e
  • 47b8d74725f353dad8177c478ffa77d424e9a34e
  • a31296f1eed15262f070abb3e89acf1a3917746a
  • 57c9411b444ce4fddf6ddf210dd7dfd008c156ac
  • 8790c9c1ffdf7ce7d7c1a0825a73ef75958fd9c5
  • 99e724a6941c65eed20ac13c4940e325fd323082
  • 788489ecd0e43f74c7d8df841bee8367cba2164d
  • b1604a158cdd24182d8d4198fb17f4d348b92601
  • 118633bbe46520c65529c0cd1d6eb52f810f6327
  • c4d7332f09c7e917d5dd56930854e735cfce45fa
  • 49a8149054440e33a6228b42f731e2f8035049e5
  • 03508cbeec86346d6658da8c9d34638c57dad920
  • aad7ec556d8d6e4333552d23588734d339373ab8
  • 1e45d9c3ff9bb7e2ed236384694237dcd956de2b
  • 9d0deca8dbdf25bdb9208772f861c28aa5a4e95f
  • 9b47ab36a00d83c119620318e4924ce50cec2512
  • cf96410d1cde40aaebfe32f26354282a7773abaf
  • 9e33cbc25a8ad9987f88d5e1d181098142579f54
  • e98700d562edb0ed29e429d0263ec448daf8a5f2
  • 500813f95615b25f622e82e6c79431d7f4928bc4
  • 424e3570f36fdb541e9b49f9d6824949ccf96ea6
  • 7f534338d1399221bb2134d917a1e3eef8b309e5
  • e78721fd283b0093fb0556167e1b38b81ed0c7bb
  • 8971b585f8bf7d9f086d97d2d640ed4ce7f6b178
  • 154c16ecfa56b71ce7b6f3fca4be4e0820e34665
  • 55d1a679ae7e812d5c91ef78bec4095a2048427c
  • 8c4d5618c3ab2d2411ede54f443560891a78986b
  • b0d64b13407da0c6db1aced2d9e110802c05a6d3
  • 9087c24b181d58bb57d02a1ce19f8d17d63476b4
  • f6b1b3fc532b516366de6b3452b5c23441386e17

Remediation

  • Block the threat indicators at respective controls.
  • Do not download files attached in untrusted emails sent by unknown senders.

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo