
Rewterz Threat Alert – COVID-19 Phishing Emails Distribute GuLoader Targeting Greek Banks

June 5, 2020

Severity

Medium

Analysis Summary

In the latest observed phishing samples, the COVID-19 pandemic is again used to attract the victim's attention. The name of a trusted company, Alpha Bank, the second largest bank in Greece, combined with a bank-transaction theme makes it likely that the victim will at least read the email and may open the attachment.

The attachment contains a variant of GuLoader, which is considered one of the most advanced downloaders and is known as a popular RAT distribution program.

Impact

  • Credential theft
  • Exposure of sensitive data

Indicators of Compromise

Filename

  • Payment Advice[.]ace
  • Swift Copy[.]ace

MD5

  • 6d8f6bd07bc06bd2bdfed480b06a20ec
  • 442457e2b497bd721bf7d484a50cce86
  • fe400f3fe49e362ae52103f9db4f9b03

SHA-256

  • 8b91664ce266b3f29b75db596569af62359e77deb2d7a9beb88dd92c84cb7cab
  • 746aa0624ebdf5ef5d341694688cdad63f0950c31c612a37e92745f7c699a688
  • 6c57609bd1a564ee9e0d10438b4a6dddde014c7caba0a35cc6317aab71ea5b9e

SHA-1

  • d429d7f3e97869190b0c7b8e2b0c4ab0f6d3a3bd
  • 1481c301d1afd3ad7b40fdecf0168d16c084676b
  • 0bca11588abe36799b4f1f0fc086354984bf28d5

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
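The first remediation item, blocking the listed indicators at your controls, is easiest to operationalize when the indicators are turned into a lookup that a mail gateway hook or a host-side scan can run. The script below is an added, defender-side example and is not part of the Rewterz advisory: it loads the advisory's filename and hash indicators, refangs the `[.]`-defanged filenames, hashes an attachment with MD5, SHA-1 and SHA-256, and reports every indicator the attachment matches. The `.ace` extension check and the `scan_directory` helper are this example's own additions, and the sample files it creates under a temporary directory are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the advisory above. Filenames are kept in their
# defanged "[.]" form and refanged before matching.
IOC_FILENAMES = {"Payment Advice[.]ace", "Swift Copy[.]ace"}
IOC_HASHES = {
    "md5": {
        "6d8f6bd07bc06bd2bdfed480b06a20ec",
        "442457e2b497bd721bf7d484a50cce86",
        "fe400f3fe49e362ae52103f9db4f9b03",
    },
    "sha1": {
        "d429d7f3e97869190b0c7b8e2b0c4ab0f6d3a3bd",
        "1481c301d1afd3ad7b40fdecf0168d16c084676b",
        "0bca11588abe36799b4f1f0fc086354984bf28d5",
    },
    "sha256": {
        "8b91664ce266b3f29b75db596569af62359e77deb2d7a9beb88dd92c84cb7cab",
        "746aa0624ebdf5ef5d341694688cdad63f0950c31c612a37e92745f7c699a688",
        "6c57609bd1a564ee9e0d10438b4a6dddde014c7caba0a35cc6317aab71ea5b9e",
    },
}
# Example-specific heuristic (not from the advisory): ACE archives are
# rarely legitimate business attachments, so they are flagged for review.
SUSPICIOUS_EXTENSIONS = {".ace"}


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'Swift Copy[.]ace' into 'Swift Copy.ace'."""
    return indicator.replace("[.]", ".")


def hash_bytes(data: bytes) -> dict:
    """Compute all three digests the advisory lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(filename: str, data: bytes, names=IOC_FILENAMES, hashes=IOC_HASHES) -> list:
    """Return the indicators an attachment matches; an empty list means no hit.

    Hits are listed as filename match first, then digest matches in
    md5/sha1/sha256 order, then the extension heuristic.
    """
    hits = []
    known_names = {refang(n).lower() for n in names}
    if filename.lower() in known_names:
        hits.append(f"filename:{filename}")
    for algo, digest in hash_bytes(data).items():
        if digest in hashes[algo]:
            hits.append(f"{algo}:{digest}")
    ext = Path(filename).suffix.lower()
    if ext in SUSPICIOUS_EXTENSIONS:
        hits.append(f"extension:{ext}")
    return hits


def scan_directory(root: str) -> dict:
    """Scan every file under root and map each path to its list of hits."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                results[path] = match_iocs(name, fh.read())
    return results


if __name__ == "__main__":
    # Constructed sample files: one carries an advisory filename, one is benign.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "Swift Copy.ace").write_bytes(b"constructed sample, not real malware")
        Path(tmp, "quarterly-report.pdf").write_bytes(b"constructed benign content")
        for path, hits in scan_directory(tmp).items():
            status = "HIT " + ", ".join(hits) if hits else "clean"
            print(f"{Path(path).name}: {status}")
```

The hash sets are passed as parameters so the same function can be fed a larger indicator feed later; in practice you would also normalize digests from the feed to lowercase before building the sets, as `hexdigest()` always returns lowercase.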
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.