Rewterz Threat Alert – Medusa Locker Ransomware
June 5, 2020
Rewterz Threat Advisory – Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities
June 5, 2020
Severity
Medium
Analysis Summary
In the latest observed phishing samples, the coronavirus pandemic is again used to attract the victim's attention. The trusted name of Alpha Bank, the second-largest bank in Greece, combined with a bank-transaction theme makes it likely that a victim will at least read the email and perhaps open the attachment.
The attachment contains a variant of GuLoader, which is considered one of the most advanced downloaders and is widely used to distribute remote access trojans (RATs).
Impact
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
Filename
- Payment Advice[.]ace
- Swift Copy[.]ace
MD5
- 6d8f6bd07bc06bd2bdfed480b06a20ec
- 442457e2b497bd721bf7d484a50cce86
- fe400f3fe49e362ae52103f9db4f9b03
SHA-256
- 8b91664ce266b3f29b75db596569af62359e77deb2d7a9beb88dd92c84cb7cab
- 746aa0624ebdf5ef5d341694688cdad63f0950c31c612a37e92745f7c699a688
- 6c57609bd1a564ee9e0d10438b4a6dddde014c7caba0a35cc6317aab71ea5b9e
SHA-1
- d429d7f3e97869190b0c7b8e2b0c4ab0f6d3a3bd
- 1481c301d1afd3ad7b40fdecf0168d16c084676b
- 0bca11588abe36799b4f1f0fc086354984bf28d5
Remediation
- Block all threat indicators at your respective security controls (mail gateway, endpoint protection, proxy).
- Always be suspicious of emails from unknown senders.
- Never click on links or open attachments sent by unknown senders.
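As an added example (not Rewterz's code or tooling), the following script applies the indicators listed above to a directory such as a mail-gateway quarantine or an endpoint's download folder: it hashes every file once with MD5, SHA-1 and SHA-256, compares the digests and the filename against the advisory's IoCs, and reports which indicator types matched. The directory path and the matching-order convention are assumptions of this example; the indicator values are exactly those from the advisory, with the `[.]` defanging removed.

```python
import hashlib
import os
import sys

# Indicators copied from the advisory. Filenames are stored lower-cased so the
# comparison is case-insensitive; "[.]" defanging has been undone.
IOC_FILENAMES = {"payment advice.ace", "swift copy.ace"}
IOC_MD5 = {
    "6d8f6bd07bc06bd2bdfed480b06a20ec",
    "442457e2b497bd721bf7d484a50cce86",
    "fe400f3fe49e362ae52103f9db4f9b03",
}
IOC_SHA1 = {
    "d429d7f3e97869190b0c7b8e2b0c4ab0f6d3a3bd",
    "1481c301d1afd3ad7b40fdecf0168d16c084676b",
    "0bca11588abe36799b4f1f0fc086354984bf28d5",
}
IOC_SHA256 = {
    "8b91664ce266b3f29b75db596569af62359e77deb2d7a9beb88dd92c84cb7cab",
    "746aa0624ebdf5ef5d341694688cdad63f0950c31c612a37e92745f7c699a688",
    "6c57609bd1a564ee9e0d10438b4a6dddde014c7caba0a35cc6317aab71ea5b9e",
}


def hash_file(path):
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} for a file, reading it once."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        # 1 MiB chunks keep memory flat on large attachments
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def match_indicators(filename, hashes):
    """Return the indicator types the file matches, in the fixed order
    filename, md5, sha1, sha256 (an assumed convention for this example)."""
    hits = []
    if filename.lower() in IOC_FILENAMES:
        hits.append("filename")
    if hashes.get("md5", "").lower() in IOC_MD5:
        hits.append("md5")
    if hashes.get("sha1", "").lower() in IOC_SHA1:
        hits.append("sha1")
    if hashes.get("sha256", "").lower() in IOC_SHA256:
        hits.append("sha256")
    return hits


def scan_directory(root):
    """Walk root and return [(path, hits)] for every file that matches at
    least one indicator. Unreadable files are skipped, not fatal."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hashes = hash_file(path)
            except OSError:
                continue
            hits = match_indicators(name, hashes)
            if hits:
                findings.append((path, hits))
    return findings


if __name__ == "__main__":
    # Usage: python ioc_scan.py /path/to/quarantine  (defaults to the current directory)
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for found_path, found_hits in scan_directory(scan_root):
        print(f"{found_path}: matched {', '.join(found_hits)}")
```

A filename-only hit is weaker evidence than a hash hit, since a legitimate document could share the name; the script reports both so an analyst can weigh them, and a hash match on any of the three digests identifies one of the advisory's samples regardless of how the attachment was renamed.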