Rewterz Threat Alert – Amex Cardholders Targeted via Phishing Scheme
July 22, 2019Rewterz Threat Advisory – CVE-2019-1579 – Palo Alto PAN-OS code execution vulnerability
July 23, 2019Rewterz Threat Alert – Amex Cardholders Targeted via Phishing Scheme
July 22, 2019Rewterz Threat Advisory – CVE-2019-1579 – Palo Alto PAN-OS code execution vulnerability
July 23, 2019Severity
High
Analysis Summary
BrushaLoader is one of a growing group of downloaders frequently employed by threat actors to profile infected PCs and then load more robust payloads on devices of interest. Malware like BrushaLoader contributes to the ongoing trend of “quality over quantity” infections and enables threat actors to better stay under the radar than they can with highly disruptive infections like ransomware or when distributing massive malicious spam campaigns with high-profile malware as their primary payload. At the same time, these loaders can also deliver those same disruptive infections if threat actors choose to load ransomware as secondary payloads.
Impact
File encryption
Indicators of Compromise
URLs
- fees[.]tetofevent[.]online
- http://analiticap[.]info/
- https://drive[.]google[.]com:443/uc?id=14ok5q46YDL8wL1HLmQyuWi0n-xRgtHxq&export=download
- analiticap[.]info
Malware Hash (MD5/SHA1/SH256)
- 04869bef3007a33e8bf9b14bd650e2b872daa6d2bb2b5ea35d4cb271f35d49e2
- a1a6886f86ac1080d2fc3d645a8a1223209bfb1e91918d90a99b06d559ccb010
- a3f00f3b77faed13f24c8d572fe59ac38a2467449a60a1b9dc1c64baeb145b0a
- bf70c2a22bfb0cc952b29689394e623b632f1c3371f2a6864fd26514639393aa
- d994f65735bb53dda95f7ab097e59bbd2043f8091d246bc4e21ba55ba6bda764
- eb12ece1bb8ebaf888282db3c6c852f3e21397d60b45a694c424690b2d6fe838
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the link/ attachment sent by unknown senders.