Rewterz Threat Advisory – Oracle Solaris Multiple Third Party Components Multiple Vulnerabilities
April 17, 2019
Rewterz Threat Advisory – CVE-2018-15756 – Oracle Retail Invoice Matching Denial of Service Vulnerability
April 17, 2019
Severity
Medium
Analysis Summary
Additional IOCs are provided for a new malspam-themed campaign of the GandCrab ransomware, which is active again and is currently delivering malicious URLs to different users.
Indicators of Compromise
URLs
Malware Hash (MD5/SHA1/SHA256)
- 3cd900bd09cda8181b16242fabacd81e9aa84f2b
- c2094fd33fa7bda0c5d6d3d7539e7d640f71216e
- 2c5209a8bc0edca7503fae7e0d6249ef9e878cd7
Remediation
- Block the threat indicators at your respective controls
- Never click on links or attachments sent by unknown senders
- Always be suspicious of emails sent by unknown senders