Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity: Medium
A new email campaign is being used to distribute the NanoCore RAT via a uniquely-formatted ZIP archive attachment. The courier-themed email claims to be from an Export Operation Specialist of USCO Logistics and requests that the user open a ZIP attachment attempting to masquerade as a PDF. However, unlike typical ZIP archives, this attachment has two End of Central Directory (EOCD) records, indicating a second ZIP structure contained within the same archive. Based on analysis, it was determined that the first structure extracts to a benign PNG image, while the second extracts to an executable. The executable is the NanoCore RAT version 1.2.2.0, which was released just a few months ago. The researchers ran tests in order to determine how different archiving tools would handle this oddly-formatted ZIP archive. Five different common archiving tools were tested and the version of the tool also impacted the results. Two of the tested tools were unable to recognize the file as a valid archive. Of the remaining tools, most extracted the executable while one extracted the benign PNG. This technique of using two ZIP structures with a benign file as the first structure may be successful in bypassing email gateways depending on how the gateways analyze ZIP archives. However, even if they bypass security mechanisms, the success of the delivery also depends on the archiving tool and version used by the recipient.
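The dual-EOCD trick described above is easy to check for on the gateway side: a well-formed ZIP has exactly one End of Central Directory record, and a second one that is backed by its own valid central directory means the archive carries two independent member lists, of which a given extractor will show only one. The following scanner is an added example written for this advisory; it is not Rewterz's tooling and not the sample from the campaign. It walks every EOCD record in a file, validates the central directory each one points to (correcting the offset for a structure that does not start at byte 0, the same adjustment Python's own zipfile applies), and lists the members of each structure side by side with what the standard library would extract. The sample archive, the member names shipment.png and shipment.pdf.exe, and the file contents are all constructed here for the test and are not indicators from the advisory.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory record signature
CEN_SIG = b"PK\x01\x02"    # central directory file header signature
EOCD_FMT = "<4sHHHHIIH"    # sig, disk, cd_disk, entries_disk, entries_total, cd_size, cd_offset, comment_len
CEN_FMT = "<4sHHHHHHIIIHHHHHII"  # 46-byte central directory header
CEN_LEN = struct.calcsize(CEN_FMT)


def find_eocd_offsets(data: bytes) -> list:
    """Return every file offset at which an EOCD signature occurs (may include false hits)."""
    offsets = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    return offsets


def read_central_directory(data: bytes, start: int, count: int) -> list:
    """Read `count` central directory headers starting at `start` and return the member names."""
    names = []
    p = start
    for _ in range(count):
        if data[p:p + 4] != CEN_SIG:
            break  # truncated or not really a central directory
        fields = struct.unpack_from(CEN_FMT, data, p)
        fnlen, extralen, commentlen = fields[10], fields[11], fields[12]
        names.append(data[p + CEN_LEN:p + CEN_LEN + fnlen].decode("utf-8", "replace"))
        p += CEN_LEN + fnlen + extralen + commentlen
    return names


def analyze(data: bytes) -> list:
    """Return one dict per ZIP structure found: its EOCD offset and the member names it lists."""
    structures = []
    for eocd_off in find_eocd_offsets(data):
        if eocd_off + struct.calcsize(EOCD_FMT) > len(data):
            continue
        _sig, _disk, _cd_disk, _n_disk, n_total, cd_size, _cd_offset, _clen = struct.unpack_from(EOCD_FMT, data, eocd_off)
        # The central directory immediately precedes the EOCD. Locating it this way, rather than
        # trusting cd_offset, also works for a structure appended after another ZIP (the offset
        # stored in the record is relative to that structure's own start, not to the file).
        cd_start = eocd_off - cd_size
        if cd_start < 0 or data[cd_start:cd_start + 4] != CEN_SIG:
            continue  # signature bytes inside compressed data, not a real record
        names = read_central_directory(data, cd_start, n_total)
        if len(names) != n_total:
            continue
        structures.append({"eocd_offset": eocd_off, "members": names})
    return structures


def has_multiple_zip_structures(data: bytes) -> bool:
    """Gateway-style verdict: flag any attachment carrying more than one valid ZIP structure."""
    return len(analyze(data)) > 1


def stdlib_member_names(data: bytes) -> list:
    """What an extractor that trusts the last EOCD (Python's zipfile does) would present."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()


def build_zip(name: str, payload: bytes) -> bytes:
    """Build a minimal one-member ZIP in memory (test fixture only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr(name, payload)
    return buf.getvalue()


# Constructed sample: a benign image structure followed by a second structure whose member
# carries an executable header. Names and contents are made up for this example.
SAMPLE = (
    build_zip("shipment.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    + build_zip("shipment.pdf.exe", b"MZ" + b"\x00" * 64)
)

if __name__ == "__main__":
    for s in analyze(SAMPLE):
        print(f"EOCD at {s['eocd_offset']}: members {s['members']}")
    print("stdlib would extract:", stdlib_member_names(SAMPLE))
    print("flag attachment:", has_multiple_zip_structures(SAMPLE))
```

Run against the constructed sample, the scanner reports two structures, one listing shipment.png and one listing shipment.pdf.exe, while zipfile's namelist shows only the second; that gap between what a scanner sees and what an extractor shows is exactly why a gateway should parse every EOCD record rather than a single one.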
Impact: Complete control of the compromised machine.
IP: 194[.]5[.]98[.]85
SHA1