Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Cisco IOS XE Software Web UI Command Injection Vulnerabilities
October 15, 2019Rewterz Threat Advisory – CVE-2019-8071 – Adobe Download Manager Privilege Escalation Vulnerability
October 16, 2019
Severity
Medium
Analysis Summary
Fallout Exploit Kit is usually used to deliver ransomware (GandCrab, Kraken, Maze, Minotaur, Matrix and Stop), Banker Trojans (DanaBot) and information stealers (RaccoonStealer, AZORult, Vidar), and others.
Currently, it’s being used to deliver the Raccoon stealer. Exploit kits are being deployed on vulnerable systems via malicious ads. Because of the complex redirection chain provided by ad services, malicious ads remain an extremely effective attack vector to deliver exploits and, finally, malware. The initial redirection to the Fallout EK is performed via malvertising, using a dedicated ad server that provides malicious redirects. From the malicious ad, the browser is redirected to the exploit kit’s landing page. The page loads more JavaScript, then VBScript and then Flash exploits are delivered to vulnerable browsers.
Finally, an encoded PowerShell script is downloaded and executed, which in turn downloads the malware payload and launches it. It’s a password and crypto stealer. Stolen data, along with machine and OS information is packed into a Log.zip file and exfiltrated.
Impact
- Credential theft
- Theft of auto-fill information and cookies
- Crypto-wallet credential theft
Indicators of Compromise
Domain Name
- yourfirmware[.]biz
- comicsansfont[.]com
- gonzalesnotdie[.]com
- gorgantuaisastar[.]com
Malware Hashes:
MD5
- 97d329f9a8ba40cc6b6dd1bb761cbe5c
- d490bd6184419561350d531c6c771a50
SH256
- 2db1b7d63e7dd9c7c5c949e9d80470419ef977849bf5419785729442e9ea7d44
- 1e33e3aa6404a00978e10ffe9879f68f09c38ddb44533905cc733a7703b771d6
Source IP
- 34[.]77[.]205[.]80
URL
- hxxp[:]//91[.]90[.]192[.]214/JwVDfphxxp[:]//172[.]105[.]36[.]165/kr/url[.]php
Affected Products
- Google Chrome
- Google Chrome Canary
- Vivaldi
- Xpom
- Comodo Dragon
- Amigo
- Orbitum
- Opera
- Bromium
- Nichrome
- Sputnik
- Kometa
- uCoz Uran
- RockMelt
- 7Star
- Epic Privacy Browser
- Elements Browser
- CocCoc
- TorBro
- Shuhba
- CentBrowser
- Torch
- Chedot
- Superbird
- Mozilla Firefox
- Waterfox
- SeaMonkey
- Pale Moon
Remediation
- Block threat indicators at their respective controls.
- Do not visit suspicious websites displayed in random ads found on legitimate websites.
- Keep the mentioned browsers patched and updated to the latest versions.
- Avoid executing any files that are downloaded upon redirection.