Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Latest Ursnif Campaign Targeting Organizations
April 21, 2020Rewterz Threat Alert – Starbleed Attacks on Data Centers, IoT Devices, Industrial Equipment using FPGA Chips
April 21, 2020
Severity
Medium
Analysis Summary
Two campaigns spotted leverage COVID-19 related lures to target employees. The first email spotted claims that an Excel attachment contains guidelines for preventing a Coronavirus outbreak. It leverages TTPs similar to an ongoing malspam campaign that uses these Excel documents to infect systems with Zloader. Zloader then downloads the Zeus banking Trojan onto the victim system as the final payload. The second email analyzed in the blog post uses a shipping-theme, claiming shipment delays because of Coronavirus. A link is provided to see more details; however, visiting this link leads to the download of an IMG file. This IMG file, in turn, infects the victim host with the Nanocore RAT, providing remote access to the attacker.
Impact
- Credential theft
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
MD5
579090062d15633c58d1e9a37444ee8f
SHA-256
7b2adf1c8ff725d7dd61b0fdc3ef9e6e3a8bd1b744fd209290a1bf65f9b9acb4
SHA1
27af4e30ca4fd382ae20214c8d777d89b82cb356
URL
http[:]//gbud[.]webd[.]pl/images/COVID-19-04-01-2020[.]IMG
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.