
Rewterz Threat Alert – Cybersecurity Vendors Impersonated in Malicious Activities

July 23, 2020

Severity

High

Analysis Summary

A new cyber attack campaign has been observed impersonating cyber security vendors and pushing malicious documents presented as intelligence on cyber attacks. The campaign drops macros that are already well detected on threat intelligence forums. The document prompts targets to enable content. Below is a preview of such a document that impersonates FireEye.

[Image: preview of the malicious document impersonating FireEye]

Impact

Malicious code execution

Indicators of Compromise

Domain Name

  • microsotflogin[.]com
  • faecbooklogin[.]com
  • facbeookloggin[.]com
  • facebokloggin[.]com
  • fireeyee[.]com
  • kasparksy[.]com

Source IP

  • 104[.]244[.]78[.]10
  • 46[.]165[.]230[.]12

URL

  • https[:]//fireeyee[.]com/reports/fireeye_singapore_apt[.]docm
  • hxxp[:]//kasparksy[.]com/reports/kaspersky_report_07_2020[.]docm

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download attachments from untrusted emails. 
  • Do not download any cyber security reports from random sources. 
  • Always double-check for spelling mistakes in domain names before clicking on any links. 
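The last remediation point, catching misspelled vendor domains before a user clicks, can also be checked on the defender side. The following is an added example, not code from the Rewterz advisory: it scores the registrable label of each destination host in proxy log lines against the impersonated brands using Damerau-Levenshtein distance and flags near-misses, also noting macro-enabled document downloads. The log format, the brand list, the two-edit threshold and the macro extensions are assumptions; the sample log is constructed and reuses the two document URLs from the advisory.

```python
import re
from urllib.parse import urlsplit

PROTECTED = ("fireeye", "kaspersky", "facebook", "microsoft")  # brands impersonated per the advisory
MACRO_EXTS = (".docm", ".dotm", ".xlsm")  # assumption: macro-enabled Office types worth flagging
MAX_EDITS = 2  # assumption: up to two typos/swaps away from a brand name counts as a lookalike
LINE_RE = re.compile(r"^\S+\s+(?P<client>\S+)\s+\S+\s+(?P<url>\S+)\s+\d+$")  # ts client method url status

def damerau_levenshtein(a, b):  # edit distance: insert, delete, substitute, adjacent swap (optimal string alignment)
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]  # row/col 0 = index
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition, e.g. "faecbook"
    return d[len(a)][len(b)]

def embedded_distance(label, brand):  # smallest distance from brand to any brand-sized (+/-1) window of label
    n = len(brand)
    return min(damerau_levenshtein(label[s:s + w], brand) for w in (n - 1, n, n + 1) for s in range(max(1, len(label) - w + 1)))

def lookalike(host):
    """Return (brand, edits) if the registrable label is a near-miss of a protected brand, else None."""
    parts = host.lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]  # assumption: single-label public suffix (.com, .net)
    best = None
    for brand in PROTECTED:
        dist = damerau_levenshtein(label, brand)
        if dist > MAX_EDITS:  # whole label is not a near-miss: look for a misspelled brand inside it
            dist = embedded_distance(label, brand)
        if 0 < dist <= MAX_EDITS and (best is None or dist < best[1]):  # 0 = brand spelled exactly, not a typo
            best = (brand, dist)
    return best

def scan_logs(text):
    """Return (client, host, brand, edits, macro_doc) for each log line whose host is a lookalike."""
    findings = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        url = urlsplit(m["url"].replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http"))  # undo defanging
        if hit := lookalike(url.hostname or ""):
            findings.append((m["client"], url.hostname, hit[0], hit[1], url.path.lower().endswith(MACRO_EXTS)))
    return findings

SAMPLE_LOG = "\n".join((  # constructed sample proxy log (ts client method url status); .docm URLs are the advisory's IoCs
    "2020-07-23T09:12:41Z 10.10.4.21 GET hxxps[:]//fireeyee[.]com/reports/fireeye_singapore_apt[.]docm 200",
    "2020-07-23T09:13:05Z 10.10.4.21 GET https://www.fireeye.com/blog/threat-research.html 200",
    "2020-07-23T09:20:17Z 10.10.7.8 GET hxxp[:]//kasparksy[.]com/reports/kaspersky_report_07_2020[.]docm 200",
    "2020-07-23T09:25:50Z 10.10.3.3 GET hxxp[:]//faecbooklogin[.]com/login 302",
    "2020-07-23T09:30:02Z 10.10.3.3 GET https://login.microsoftonline.com/ 200"))
```

A brand spelled correctly inside a longer label (such as a legitimate vendor subdomain or a brand-plus-word registration) scores zero and is deliberately not flagged here; real proxy logs are not defanged, so the refanging step is harmless on them.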