Rewterz Threat Advisory – Oracle PeopleSoft Enterprise Learning Management Multiple Vulnerabilities

April 18, 2019

Rewterz Threat Advisory – IBM Security QRadar SIEM Multiple Vulnerabilities

April 19, 2019

Rewterz Threat Alert – Gustuff Banking Botnet Targeting Financial Institutions

April 18, 2019

Severity

Medium

Analysis Summary

A banking botnet was rcently observed targeting Australian financial institutions. The researchers believe that this Android-based campaign is related to the recent “ChristinaMorrow” spam campaign. The infection vector is via SMS text, targeting between four and five potential victims at a time. If a victim clicks the URL contained in the text message, it will attempt to resolve to a command and control server and try to install the malware on the victim’s device. The malware being utilized includes the following functionalities: the ability to steal a victim’s credentials, contacts, phone numbers/names, files, and photos from an infected device. Gathering of such information suggests that more complex social engineering attacks are to follow.

Impact

Credential Theft
Information Disclosure

Indicators of Compromise

IP(s) / Hostname(s)

78[.]46[.]201[.]36
88[.]99[.]170[.]84
88[.]99[.]227[.]26
94[.]130[.]106[.]117
88[.]99[.]174[.]200
88[.]99[.]189[.]31

URLs

homevideo2-12l[.]ml
facebook-photos-au[.]su
videohosting1-5j[.]gq
http[:]//88[.]99[.]227[.]26/html2/2018/GrafKey/new-inj-135-3-dark[.]html
http[:]//88[.]99[.]227[.]26/html2/arc92/au483x[.]zip
http[:]//94[.]130[.]106[.]117[:]8080/api/v1/report/records[.]php
http[:]//88[.]99[.]227[.]26/html2/new-inj-135-3-white[.]html
http[:]//facebook-photos-au[.]su/ChristinaMorrow
http[:]//homevideo2-12l[.]ml/mms3/download_3[.]php

Malware Hash (MD5/SHA1/SH256)

369fcf48c1eb982088c22f86672add10cae967af82613bee6fb8a3669603dc48
b2d4fcf03c7a8bf135fbd3073bea450e2e6661ad8ef2ab2058a3c04f81fc3f3e
8f5d5d8419a4832d175a6028c9e7d445f1e99fdc12170db257df79831c69ae4e
a5ebcdaf5fd10ec9de85d62e48cc97a4e08c699a7ebdeab0351b86ab1370557d
84578b9b2c3cc1c7bbfcf4038a6c76ae91dfc82eef5e4c6815627eaf6b4ae6f6
89eecd91dff4bf42bebbf3aa85aa512ddf661d3e9de4c91196c98f4fc325a018
9edee3f3d539e3ade61ac2956a6900d93ba3b535b6a76b3a9ee81e2251e25c61
0e48e5dbc3a60910c1460b382d28e087a580f38f57d3f82d4564309346069bd1
c113cdd2a5e164dcba157fc4e6026495a1cfbcb0b1a8bf3e38e7eddbb316e01f
1819d2546d9c9580193827c0d2f5aad7e7f2856f7d5e6d40fd739b6cecdb1e9e
b213c1de737b72f8dd7185186a246277951b651c64812692da0b9fdf1be5bf15
453e7827e943cdda9121948f3f4a68d6289d09777538f92389ca56f6e6de03f0
88034e0eddfdb6297670d28ed810aef87679e9492e9b3e782cc14d9d1a55db84
e08f08f4fa75609731c6dd597dc55c8f95dbdd5725a6a90a9f80134832a07f2e
01c5b637f283697350ca361f241416303ab6123da4c6726a6555ac36cb654b5c
1fb06666befd581019af509951320c7e8535e5b38ad058069f4979e9a21c7e1c
6bdfb79f813448b7f1b4f4dbe6a45d1938f3039c93ecf80318cedd1090f7e341
0246dd4acd9f64ff1508131c57a7b29e995e102c74477d5624e1271700ecb0e2

Remediation

Block all threat indicators at their respective controls.
Search for existing signs of the indicated IOCs in your environment.
Ensure anti-virus software and associated files are up to date.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us