Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 30, 2023
Severity High Analysis Summary Recently, researchers discovered an advanced phishing method called “file archiver in the browser” that exploits .ZIP domains to deceive unsuspecting individuals. This […]May 28, 2023Severity High Analysis Summary An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise […]May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 30, 2023Severity High Analysis Summary Recently, researchers discovered an advanced phishing method called “file archiver in the browser” that exploits .ZIP domains to deceive unsuspecting individuals. This […]May 28, 2023Severity High Analysis Summary An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise […]May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2017-5638 – Apache Struts Exploit Attempts
October 25, 2019Rewterz Threat Alert – Possible APT28 Targeted attacks against mining corporations in Kazakhstan
October 25, 2019
Severity
High
Analysis Summary
Citadel Banking Malware is found being distributed to target financial institutions. The malicious files is reportedly downloaded by the JSDownloader. Researchers have linked it to VMZeuS Webinject / MITM server targeting financial institutions. Indicators of compromise are given below.
Impact
- Theft of Banking Passwords
- Financial Loss
Indicators of Compromise
Domain Name
- godisonourside5[.]store
- baloobafoudanitojahdge[.]space
- molanounakomllbsedfrtee[.]xyz
MD5
1dabf26b659872c2932b635bc5bc954b
SH256
300586b88c4d6988a24cb0bc8b66c6952dc4c0c9c6a4c52cc3f569e54bd4cbc6
SHA1
7e6074fc61f67b8203266f72ba274b2102c92ef3
URL
- http[:]//molanounakomllbsedfrtee[.]xyz/1.exe
- http://baloobafoudanitojahdge.space/n/cp.php?m=login
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached in untrusted emails.
- Keep all systems and software up-to-date.