Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – PatchWork APT Group Targeting Pakistan – Active IOCs
December 30, 2022Rewterz Threat Alert – Phobos Ransomware – Active IOCs
December 30, 2022
Severity
High
Analysis Summary
CrySIS, also known as Dharma, is a group of ransomware that has been developing starting around 2016. We have seen that this ransomware has become progressively dynamic of late, expanding by an edge of 148% from February until April 2019. The increase in discoveries might be because of CrySIS’ powerful utilization of different assault vectors. Italian Windows users are being targeted by a spam campaign that is spreading the Dharma ransomware as the end payload. Researchers indicate the spam emails attempt to disguise themselves as invoice emails. In reality, the spam is being used to infect users with the Ursnif keylogger or the Dharma ransomware. The emails claim that the included URL is a link to invoice documents that need the reader’s approval. The URL references a OneDrive page where a file named “New documento 2.zip” is automatically downloaded as soon as the page is displayed. The zip file contains a Visual Basic script and an image file. Should the user execute the Visual Basic script, infection begins.
Impact
- Data Encryption
Indicators of Compromise
MD5
- b2f083ee365141030c49ddffc325f6be
SHA-256
- 231bba5652f6fbdbab3016362fb7925fc4e4489fff5e6a4a98c37fba5bd0cfe9
SHA-1
- f1091be7e566d068403a87b0e7ed4b959c952c8e
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.