Rewterz Threat Advisory – CVE-2020-26422 – Wireshark denial of service
December 22, 2020Rewterz Threat Advisory – CVE-2020-5808 – Tenable Tenable.sc information disclosure
December 23, 2020Rewterz Threat Advisory – CVE-2020-26422 – Wireshark denial of service
December 22, 2020Rewterz Threat Advisory – CVE-2020-5808 – Tenable Tenable.sc information disclosure
December 23, 2020Severity
High
Analysis Summary
Emotet Malware is constantly being detected in the wild, targeting organizations from multiple sectors and countries. Emotetis a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email. Emotet may try to persuade users to click the malicious files by using tempting language about “YourInvoice,” “Payment Details,” or possibly an upcoming shipment from well-known parcel companies. Emotet has gone through a few iterations. Early versions arrived as a malicious JavaScript file. Later versions evolved to use macro-enabled documents to retrieve the virus payload from command and control (C&C) servers run by the attackers. Lately, Emotet infections have been used to distribute other malware like Qakbot. So these can be multi-stage attacks that bundle other malware with emotet. Emotet has also been found stealing email attachments to attack contacts of compromised victims.
Fresher IoCs are retrieved almost every week.
Impact
- Financial loss
- Exposure of sensitive data
Indicators of Compromise
MD5
- 440d59c4b0c5b895fbdf0f51eb4331c9
- 9c35a1e522b8d9d48313ab8f8117b4c9
- 8ac33329a0c0bb720796874ab42121e7
- eea9730c8b427009251cf310bd8c99ef
- 2609135b06c30cf497bf3220df302616
- a5f973505a28aeedb5439640bb4cbe69
- 2d98edc676e04e12a849ca903143ccdd
- 3f2701c3e98289d3a8e130a805d60901
- c5b878437a358ad0ccfa2b2ad41c12b7
- 9ec91db1243cf707f6d4d83841d851dd
- 466985f20b50a18a2e808d2b98c24331
- 87bc7f98760a5a72c2fd5511497e746d
- c2783eaaa3ae107ceb4c2e8c65684ddb
- 36e7f2ae31e2b5e623529122a18ba76c
- e7a5d832a01eb6ff32429c24c4cfd19d
- e5d47be2d6835ffbf9273183a165d4d4
- 17b5b7460675ed260d3cf6842e402024
- bce42e917ba1e7bcac4bef98d32c114a
SHA-256
- e9b5c069a0bb351288d1b3bd1d9894cc07e4287c139474e753b42441b486f6f3
- d52ef6e08cb90154fa0195d24be9e05559846bc1451e29494dd76db3231fee8a
- d07c1c5fd6d07a34fc89c87e410cc14d53971671d76106599e56822fe826cebe
- bff93708db43d3d6449a7c41c9f193fd28333d1f06d7caa3f7af0442a6b531c6
- b01dfb00fd48daf8ef000afe014c4a46e824565f6b0b2f8b22347f7d69693fb1
- ace5ddc10143a31cc2df2146715a6f06aabce2bc62283d744129cad0df6caf24
- 86ea1c96f66e3590e2945dc29582652a320f73579a67d87d35d05729e21d3078
- 7b5a1638e8de53886681a7b38e2ff6c736820efc872dc2022311b186fa50a28a
- 72c6870e4a0bf0f72461e933fefeea9ee46cd202142ad7ca6394b59431150e8d
- 6a89a182a06e603883dbfaeddfc0d63906412d87d83b565117d9d5f8d2c8e80d
- 5eadfa4dd6b036fb7cc42f1c023fde4579c2d2ab49e4c84b93f6e207272b07b3
- 5d1c5406a90ca4ba7c5078c9f70aa0b3529b881307a5c7dcdd36c5078fdac5a7
- 55575706fa5962eb566bd22d46e44c4512ae7f68dc97732a8bf5f220524e215f
- 47b014bad2d24296b2d07b3f69a9ce0b7249d11097fc09044a34755ae7be7810
- 40262cc016ac77ac410894f3dfd8a1c4a3fcbb3725a583d6defd2ea4d556df5a
- 3bf02147cc6adcb05dfbfa2b38035a502d63ccd755fc75d3b84e906faaa6d8e0
- 2fe68792156de00f51f5ba6eb2654c68939c82bade8d874bf40ef874995aaf30
- 12b570ed04bcef22ec41a8b940c3578aad3997f5f0dd91ce114a3a110b867fe8
SHA1
- 374e6f97a7e07844dbdbca0c4eef9a6669633637
- 61bc7f076227298c2d103bab377c2eb7da9f1611
- b44397171d089cd72271aade9641d4e84e8d6932
- b4c0fbeb2dafa99d68d08bab07fbe992654d85e1
- 0afb7a94f87826d60c4343e45311ba66dd5a87f3
- cb0b0411f9c201377fcc3569dba02ebd43da9222
- e5723e4f8dc982e873e1b325f7e3209298860742
- 777d9654ff9312d713b657f2e7fc528409b090f9
- cf8c190de3aa10fb6b09de62b6ba7038f7a39bda
- 87ea48f4d66630fa838815e04756f26a1a8ce725
- 52ac3c024b0c6ab9cfed38c426d2c4c1d9876aba
- ac19d67f5193fa5d80a130bf21ee5c7eac04e3db
- 9115ac040561a6dde9367856fd94cef4e8760e34
- a162721627d23fe6870f25675961322491944f6c
- fafdbaf599191bf46e35281a9dfd334ca45eaf90
- b173d0c34b45eec70d5e91191e8ce02f042df4e3
- ca001e4f669b48f91879165fe1fcc0751dba8672
- 17c0fd5c68bfeae1924eefaac710191067241b69
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.