• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2020-26422 – Wireshark denial of service
December 22, 2020
Rewterz Threat Advisory – CVE-2020-5808 – Tenable Tenable.sc information disclosure
December 23, 2020

Rewterz Threat Alert – Emotet is Back

December 22, 2020

Severity

High

Analysis Summary

Emotet Malware is constantly being detected in the wild, targeting organizations from multiple sectors and countries. Emotetis a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using tempting language about “YourInvoice,” “Payment Details,” or possibly an upcoming shipment from well-known parcel companies. Emotet has gone through a few iterations. Early versions arrived as a malicious JavaScript file. Later versions evolved to use macro-enabled documents to retrieve the virus payload from command and control (C&C) servers run by the attackers. Lately, Emotet infections have been used to distribute other malware like Qakbot. So these can be multi-stage attacks that bundle other malware with emotet. Emotet has also been found stealing email attachments to attack contacts of compromised victims.
Fresher IoCs are retrieved almost every week.

Impact

  • Financial loss 
  • Exposure of sensitive data

Indicators of Compromise

MD5

  • 440d59c4b0c5b895fbdf0f51eb4331c9
  • 9c35a1e522b8d9d48313ab8f8117b4c9
  • 8ac33329a0c0bb720796874ab42121e7
  • eea9730c8b427009251cf310bd8c99ef
  • 2609135b06c30cf497bf3220df302616
  • a5f973505a28aeedb5439640bb4cbe69
  • 2d98edc676e04e12a849ca903143ccdd
  • 3f2701c3e98289d3a8e130a805d60901
  • c5b878437a358ad0ccfa2b2ad41c12b7
  • 9ec91db1243cf707f6d4d83841d851dd
  • 466985f20b50a18a2e808d2b98c24331
  • 87bc7f98760a5a72c2fd5511497e746d
  • c2783eaaa3ae107ceb4c2e8c65684ddb
  • 36e7f2ae31e2b5e623529122a18ba76c
  • e7a5d832a01eb6ff32429c24c4cfd19d
  • e5d47be2d6835ffbf9273183a165d4d4
  • 17b5b7460675ed260d3cf6842e402024
  • bce42e917ba1e7bcac4bef98d32c114a

SHA-256

  • e9b5c069a0bb351288d1b3bd1d9894cc07e4287c139474e753b42441b486f6f3
  • d52ef6e08cb90154fa0195d24be9e05559846bc1451e29494dd76db3231fee8a
  • d07c1c5fd6d07a34fc89c87e410cc14d53971671d76106599e56822fe826cebe
  • bff93708db43d3d6449a7c41c9f193fd28333d1f06d7caa3f7af0442a6b531c6
  • b01dfb00fd48daf8ef000afe014c4a46e824565f6b0b2f8b22347f7d69693fb1
  • ace5ddc10143a31cc2df2146715a6f06aabce2bc62283d744129cad0df6caf24
  • 86ea1c96f66e3590e2945dc29582652a320f73579a67d87d35d05729e21d3078
  • 7b5a1638e8de53886681a7b38e2ff6c736820efc872dc2022311b186fa50a28a
  • 72c6870e4a0bf0f72461e933fefeea9ee46cd202142ad7ca6394b59431150e8d
  • 6a89a182a06e603883dbfaeddfc0d63906412d87d83b565117d9d5f8d2c8e80d
  • 5eadfa4dd6b036fb7cc42f1c023fde4579c2d2ab49e4c84b93f6e207272b07b3
  • 5d1c5406a90ca4ba7c5078c9f70aa0b3529b881307a5c7dcdd36c5078fdac5a7
  • 55575706fa5962eb566bd22d46e44c4512ae7f68dc97732a8bf5f220524e215f
  • 47b014bad2d24296b2d07b3f69a9ce0b7249d11097fc09044a34755ae7be7810
  • 40262cc016ac77ac410894f3dfd8a1c4a3fcbb3725a583d6defd2ea4d556df5a
  • 3bf02147cc6adcb05dfbfa2b38035a502d63ccd755fc75d3b84e906faaa6d8e0
  • 2fe68792156de00f51f5ba6eb2654c68939c82bade8d874bf40ef874995aaf30
  • 12b570ed04bcef22ec41a8b940c3578aad3997f5f0dd91ce114a3a110b867fe8

SHA1

  • 374e6f97a7e07844dbdbca0c4eef9a6669633637
  • 61bc7f076227298c2d103bab377c2eb7da9f1611
  • b44397171d089cd72271aade9641d4e84e8d6932
  • b4c0fbeb2dafa99d68d08bab07fbe992654d85e1
  • 0afb7a94f87826d60c4343e45311ba66dd5a87f3
  • cb0b0411f9c201377fcc3569dba02ebd43da9222
  • e5723e4f8dc982e873e1b325f7e3209298860742
  • 777d9654ff9312d713b657f2e7fc528409b090f9
  • cf8c190de3aa10fb6b09de62b6ba7038f7a39bda
  • 87ea48f4d66630fa838815e04756f26a1a8ce725
  • 52ac3c024b0c6ab9cfed38c426d2c4c1d9876aba
  • ac19d67f5193fa5d80a130bf21ee5c7eac04e3db
  • 9115ac040561a6dde9367856fd94cef4e8760e34
  • a162721627d23fe6870f25675961322491944f6c
  • fafdbaf599191bf46e35281a9dfd334ca45eaf90
  • b173d0c34b45eec70d5e91191e8ce02f042df4e3
  • ca001e4f669b48f91879165fe1fcc0751dba8672
  • 17c0fd5c68bfeae1924eefaac710191067241b69

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment. 
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.