

Rewterz Threat Advisory – CVE-2017-5638 – Apache Struts Exploit Attempts
October 25, 2019
Rewterz Threat Alert – Possible APT28 Targeted attacks against mining corporations in Kazakhstan
October 25, 2019
October 25, 2019
Severity
High
Analysis Summary
Citadel banking malware has been observed being distributed in a campaign targeting financial institutions. The malicious executable is reportedly retrieved by a JavaScript downloader (JSDownloader), and researchers have linked the activity to a VMZeuS webinject / man-in-the-middle (MITM) server infrastructure targeting financial institutions. Indicators of compromise are given below.
Impact
- Theft of Banking Passwords
- Financial Loss
Indicators of Compromise
Domain Name
- godisonourside5[.]store
- baloobafoudanitojahdge[.]space
- molanounakomllbsedfrtee[.]xyz
MD5
- 1dabf26b659872c2932b635bc5bc954b
SHA256
- 300586b88c4d6988a24cb0bc8b66c6952dc4c0c9c6a4c52cc3f569e54bd4cbc6
SHA1
- 7e6074fc61f67b8203266f72ba274b2102c92ef3
URL
- http[:]//molanounakomllbsedfrtee[.]xyz/1.exe
- http[:]//baloobafoudanitojahdge[.]space/n/cp.php?m=login
Remediation
- Block the threat indicators (domains, URLs and file hashes) at their respective controls, such as DNS and web proxy filtering, perimeter firewalls and endpoint protection.
- Do not download or open files attached to untrusted emails.
- Keep all systems and software up to date.
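The indicators above, turned into a small matching routine that a responder can run over proxy or DNS logs and over suspect files. This is an added example written for this page, not Rewterz tooling: the indicator values are copied from the list above, the log lines are constructed for illustration, and the refanging of `[.]` and `[:]` is an assumption about the defanging convention used here.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the advisory, in the defanged form they appear above.
DEFANGED_DOMAINS = [
    "godisonourside5[.]store",
    "baloobafoudanitojahdge[.]space",
    "molanounakomllbsedfrtee[.]xyz",
]
DEFANGED_URLS = [
    "http[:]//molanounakomllbsedfrtee[.]xyz/1.exe",
    "http[:]//baloobafoudanitojahdge[.]space/n/cp.php?m=login",
]
HASHES = {
    "md5": "1dabf26b659872c2932b635bc5bc954b",
    "sha1": "7e6074fc61f67b8203266f72ba274b2102c92ef3",
    "sha256": "300586b88c4d6988a24cb0bc8b66c6952dc4c0c9c6a4c52cc3f569e54bd4cbc6",
}


def refang(ioc: str) -> str:
    """Undo the advisory's defanging ([.] and [:]) so the value can be matched.
    Assumption: these are the only substitutions used on this page."""
    return ioc.replace("[.]", ".").replace("[:]", ":")


DOMAINS = {refang(d).lower() for d in DEFANGED_DOMAINS}
URLS = {refang(u) for u in DEFANGED_URLS}


def host_matches(host: str) -> bool:
    """True if host is an indicator domain or any subdomain of one.
    A trailing dot (as in DNS logs) and mixed case are normalised away."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DOMAINS)


def scan_log(lines):
    """Return [(line_no, url)] for every URL in the lines whose host is an
    indicator domain. Matching is done on the parsed hostname, not by
    substring search, so a lookalike such as 'notgodisonourside5.store'
    does not trigger a hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in re.findall(r"https?://\S+", line):
            host = urlparse(url).hostname or ""
            if host_matches(host):
                hits.append((n, url))
    return hits


def file_hashes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of a file's contents, lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_matches(data: bytes) -> bool:
    """True if any digest of the data equals the advisory's sample hash."""
    computed = file_hashes(data)
    return any(computed[alg] == value for alg, value in HASHES.items())


# Constructed proxy log lines for demonstration; not real traffic.
SAMPLE_LOG = [
    "2019-10-25T10:01:02Z 10.0.0.12 GET http://molanounakomllbsedfrtee.xyz/1.exe 200",
    "2019-10-25T10:01:05Z 10.0.0.12 GET http://www.example.com/index.html 200",
    "2019-10-25T10:02:11Z 10.0.0.13 POST http://baloobafoudanitojahdge.space/n/cp.php?m=login 200",
    "2019-10-25T10:03:00Z 10.0.0.14 GET http://cdn.godisonourside5.store/x 404",
    "2019-10-25T10:03:30Z 10.0.0.15 GET http://notgodisonourside5.store/ 200",
]

if __name__ == "__main__":
    for line_no, url in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: contacted indicator URL {url}")
```

Run the script on a proxy export and it reports lines 1, 3 and 4 of the constructed sample; the subdomain hit on line 4 is caught because matching is on the hostname suffix, while the lookalike on line 5 is correctly ignored. The hash check needs the actual dropped file; a miss on all three digests only means the file is not this specific sample, not that it is clean.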