Rewterz Threat Alert – Kwampirs Remote Access Trojan – IoCs
March 31, 2020
Rewterz Threat Advisory – ICS: Hirschmann Automation and Control HiOS and HiSecOS Products
April 1, 2020
Severity
Medium
Analysis Summary
As COVID-19 continues to spread, we are seeing an increase in threat actors impersonating public health organizations and luring victims in with fake links to government agencies. The four examples below impersonate the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
During this global pandemic, threat actors are seizing every opportunity to steal people's credentials and information by any means possible. Be wary of emails purportedly from public or government officials that claim to track or provide information on the virus.
Impact
- Credential Theft
- Exposure of sensitive data
Indicators of Compromise
Domain Name
cdchealth[.]org
Email
nationalhealthcenter@gravitt[.]net
mich[.]collins@hotmail[.]com
Hostname
url4510[.]cdchealth[.]org
URL
http[:]//url4510[.]cdchealth[.]org/
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
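As an added example (not part of the original advisory and not Rewterz code), the Python below refangs the indicators listed above and sweeps mail, proxy and DNS log lines for them. It goes one step beyond the list by also matching subdomains of the listed hosts while rejecting lookalike suffixes. The log lines and function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the advisory, still defanged.
DEFANGED = {
    "domain": ["cdchealth[.]org"],
    "email": ["nationalhealthcenter@gravitt[.]net", "mich[.]collins@hotmail[.]com"],
    "hostname": ["url4510[.]cdchealth[.]org"],
    "url": ["http[:]//url4510[.]cdchealth[.]org/"],
}

def refang(value):
    """Undo the [.] and [:] defanging so the value can be compared."""
    return value.replace("[.]", ".").replace("[:]", ":").lower()

IOCS = {kind: {refang(v) for v in vals} for kind, vals in DEFANGED.items()}
BAD_HOSTS = IOCS["domain"] | IOCS["hostname"] | {urlsplit(u).hostname for u in IOCS["url"]}
TOKEN = re.compile(r"https?://[^\s\"'<>]+|[\w.+-]+@[\w.-]+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def host_matches(host):
    """True for a listed host or a subdomain of one, never for a lookalike suffix."""
    host = host.lower().rstrip(".")
    return any(host == bad or host.endswith("." + bad) for bad in BAD_HOSTS)

def scan_line(line):
    """Return sorted (kind, value) hits; tokens are tried as URL, e-mail, then hostname."""
    hits = set()
    for tok in TOKEN.findall(line):
        tok = tok.rstrip(".,;)").lower()
        if "://" in tok:
            if host_matches(urlsplit(tok).hostname or ""):
                hits.add(("url", tok))
        elif "@" in tok:
            if tok in IOCS["email"]:
                hits.add(("email", tok))
        elif host_matches(tok):
            hits.add(("host", tok))
    return sorted(hits)

def scan_log(lines):
    """Map 1-based line number to its hits, skipping clean lines."""
    return {n: h for n, line in enumerate(lines, 1) if (h := scan_line(line))}

# Constructed log lines (not from the advisory): mail, proxy and DNS samples.
SAMPLE_LOG = [
    "Mar 30 09:12:01 mx1 postfix/qmgr[811]: 4F1A2: from=<nationalhealthcenter@gravitt.net>, size=4211",
    '10.0.4.17 - - [30/Mar/2020:09:14:55 +0000] "GET http://url4510.cdchealth.org/ HTTP/1.1" 200 512',
    "Mar 30 09:15:02 ns1 named[402]: client 10.0.4.22#5353: query: track.cdchealth.org IN A",
    "Mar 30 09:16:40 ns1 named[402]: client 10.0.4.30#5353: query: notcdchealth.org IN A",
]
```

Calling `scan_log(SAMPLE_LOG)` flags the first three lines and leaves the lookalike `notcdchealth.org` query unflagged.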