February 3, 2022
Severity
High
Analysis Summary
The newly discovered malware, CoinStomp, targets Asian CSPs (Cloud Service Providers). It employs anti-hardening and anti-forensics techniques. CoinStomp consists of multiple shell scripts that attempt to exploit cloud instances hosted by these Asian CSPs. The malware takes its name from its two motives: timestomping (manipulation of file timestamps) and cryptojacking.
Impact
- Credential Theft
- Data Theft
- Keystroke Logging
Indicators of Compromise
IP
- 205[.]185[.]113[.]151
MD5
- 8d3731e26954665b44f7d353bc2812ce
- e4c9095d31fbb44bf753ab750bc32e48
- 5a7b98dee287d03406077c61e3402727
- 3817f76742700ea3bbb54fb840f94322
SHA-256
- 2a6f6324d026baeec3894877c44d4c74a231d9104c908e4162ff1cc3cf6fe14e
- cb9f0dca725fa0eae8a39c7d07e62441d6ae50b776df8a9ab1cb7f86a22c75ca
- c1a3f32689461fb9570d4e212bba18391f6bb413bc77cb16def92d0226320e7d
- dbe44ec7e9d6600cc0daf4e8aac1835348d6d4929c732bb7e30c32b3563362e6
SHA-1
- e9cce0d8476c634f92d0d33e227ed2a5fb44306c
- d7e0a8cdaa28d8fac6570e548c3d52fb1e41347b
- 4f729b4415c34c2d4db17b3a91d0e6bf07a43325
- bd8e79f378cc32c6654fb9159771761326205361
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
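Added example (not part of the Rewterz alert and not CoinStomp's code): a defender-side Python scan that covers both the IOC search recommended above and the timestomping named in the analysis summary. The SHA-256 set is copied from this alert; the mtime/ctime heuristic relies on the general Unix fact that utimes() cannot set ctime; `dropped.sh` and its contents are a constructed sample.

```python
import hashlib
import os
import stat
import tempfile
import time

# SHA-256 IOCs exactly as listed in the advisory above.
IOC_SHA256 = {
    "2a6f6324d026baeec3894877c44d4c74a231d9104c908e4162ff1cc3cf6fe14e",
    "cb9f0dca725fa0eae8a39c7d07e62441d6ae50b776df8a9ab1cb7f86a22c75ca",
    "c1a3f32689461fb9570d4e212bba18391f6bb413bc77cb16def92d0226320e7d",
    "dbe44ec7e9d6600cc0daf4e8aac1835348d6d4929c732bb7e30c32b3563362e6",
}

def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root: str, skew_seconds: int = 86400) -> list:
    """Walk `root`; return (path, reason) for IOC hash hits and for files whose mtime
    lies more than `skew_seconds` before their ctime. utimes()/touch can backdate
    atime and mtime but not ctime, which the kernel sets to "now" on any inode change,
    so a backdated drop shows mtime << ctime (chmod/chown bump ctime too: triage lead, not proof)."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets, devices
            skew = st.st_ctime - st.st_mtime
            if skew > skew_seconds:
                findings.append((p, f"possible timestomp: mtime {int(skew)}s before ctime"))
            if sha256_of(p) in IOC_SHA256:
                findings.append((p, "SHA-256 matches an advisory IOC"))
    return findings

def demo() -> list:
    """Constructed sample: drop a harmless script, backdate its mtime by a year
    (as a timestomp would), then scan the directory."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "dropped.sh")
        with open(p, "w") as f:
            f.write("#!/bin/sh\necho constructed sample\n")
        old = time.time() - 365 * 86400
        os.utime(p, (old, old))  # rewrites atime/mtime only; ctime stays "now"
        return scan(d)
```

Run `scan("/")` (or a narrower path such as `/tmp` or `/var/tmp`) on a suspect instance; the hash check catches known drops, the skew check surfaces backdated ones the hash list misses.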