June 17, 2020
Severity
Medium
Analysis Summary
A global malicious spam campaign is targeting users who may be sympathetic to the Black Lives Matter movement, which began in the United States and is slowly spreading worldwide. With the ongoing COVID-19 pandemic and the numerous protests in the United States and elsewhere, attackers are leveraging the global news cycle to lure unsuspecting victims into downloading and opening malicious attachments. The campaign uses a variety of email subject lines, each message carrying a malicious Microsoft Word document as an attachment, to compel the user to open it.
The campaign is believed to have initially targeted the USA, but it has begun shifting its focus to other countries as well, since the Black Lives Matter movement has had a global impact and people are protesting in different countries. The campaign has been observed active in Canada, Cyprus and Thailand, among others.
Impact
- Exposure of sensitive data
- Information theft
Indicators of Compromise
MD5
- 87fcb42e736e76fd147bf282f2fc621b
SHA-256
SHA1
- 378be007538fad9640d1724bbce13ccac49d17f
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
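To act on the advice to block the listed indicators, the following added example (not part of the Rewterz advisory) validates hash indicators before loading them and then sweeps a directory for files whose digest matches. The MD5 and SHA1 values are copied from this page; the directory contents, file names and the extra MD5 indicator are constructed for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Expected hex-digest length per algorithm: an indicator of the wrong length can
# never match a real file and usually means the value was truncated when copied.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# Indicators copied from this advisory. The SHA1 is 39 characters as published,
# so validate_iocs() rejects it rather than letting it silently never match.
ADVISORY_IOCS = {"md5": ["87fcb42e736e76fd147bf282f2fc621b"],
                 "sha1": ["378be007538fad9640d1724bbce13ccac49d17f"]}

def validate_iocs(iocs):
    """Return (valid, rejected): algo -> set of digests, and (algo, value, reason)."""
    valid, rejected = {}, []
    for algo, values in iocs.items():
        for v in values:
            h = v.strip().lower()
            if algo not in HASH_LENGTHS or not HEX_RE.match(h):
                rejected.append((algo, v, "unknown algorithm or non-hex value"))
            elif len(h) != HASH_LENGTHS[algo]:
                rejected.append((algo, v, f"expected {HASH_LENGTHS[algo]} hex chars, got {len(h)}"))
            else:
                valid.setdefault(algo, set()).add(h)
    return valid, rejected

def sweep(root, valid):
    """Return [(path, algo, digest)] for each file under root matching a valid IoC.
    Files are read whole, which suits attachment-sized documents."""
    hits = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        data = path.read_bytes()
        digests = {a: hashlib.new(a, data).hexdigest() for a in valid}
        hits.extend((str(path), a, d) for a, d in digests.items() if d in valid[a])
    return hits

def demo():
    """Sweep a temp dir holding a constructed (not real) sample plus a benign file."""
    sample = b"constructed sample, not the campaign's document\n"
    iocs = {k: list(v) for k, v in ADVISORY_IOCS.items()}
    iocs["md5"].append(hashlib.md5(sample).hexdigest())  # constructed indicator
    valid, rejected = validate_iocs(iocs)
    with tempfile.TemporaryDirectory() as d:
        Path(d, "invoice.doc").write_bytes(sample)  # constructed file names
        Path(d, "notes.txt").write_bytes(b"benign\n")
        return sweep(d, valid), rejected
```

Running `demo()` reports one hit on the constructed sample and one rejected indicator, the truncated SHA1, so a malformed entry surfaces instead of being quietly dropped.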