
Rewterz Threat Alert – Increased Activity of Emotet

January 23, 2020

Severity

High

Analysis Summary

There has been a recent increase in Emotet spam activity, which Symantec researchers have analyzed. The spikes in activity were detected starting in September 2019 and continuing to rise through November 2019. Two types of distribution methods were found in use based on analysis of the spam emails. The first used a link within the body of the email that led to the download of a Word document. The other attached the malicious Word document directly to the email. Themes used in both cases were mostly related to invoices or finances. The researchers note that the documents discovered had been created only hours before being distributed in these campaigns. If the user enables macros within the Word documents, PowerShell is used to drop and execute the Emotet payload, which is embedded in the document’s streams. Emotet then performs its ultimate goal of installing additional malicious payloads.

Figure 2. Emotet spam with link to Office document
Figure 3. Emotet spam with Office document attached

Impact

Steal user information

Indicators of Compromise

MD5

55282b6387a0057e27502d613074c278

SHA-256

4e35e66d898a56184f42674c5bc41d4abe219beabeafb4cbdddf8ae974326839

SHA1

657eccf716280d463f52eb68466e4d355a34ed13

URL

  • http[:]//www[.]4celia[.]com/wp-admin/2z8/
  • http[:]//capsaciphone[.]com/wp-admin/q07360/
  • http[:]//travalogo[.]com/pseovck27kr/est21175/
  • http[:]//miracles-of-quran[.]com/css/ny77597/
  • http[:]//essay[.]essaytutors[.]net/cgi-bin/mqdm65698/

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
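As an added example (not part of the advisory), the script below turns the indicators listed above into something a defender can actually apply: it refangs the `[:]`/`[.]` URLs into blocklist entries, checks file content against the three published hashes, and scans proxy log lines for requests to any advisory URL or host. The log lines are constructed for illustration and are not from the advisory.

```python
import hashlib
import re
from urllib.parse import urlparse
# Indicators copied from the advisory above, in the defanged form the page uses.
ADVISORY_HASHES = {
    "md5": "55282b6387a0057e27502d613074c278",
    "sha1": "657eccf716280d463f52eb68466e4d355a34ed13",
    "sha256": "4e35e66d898a56184f42674c5bc41d4abe219beabeafb4cbdddf8ae974326839",
}
DEFANGED_URLS = [
    "http[:]//www[.]4celia[.]com/wp-admin/2z8/",
    "http[:]//capsaciphone[.]com/wp-admin/q07360/",
    "http[:]//travalogo[.]com/pseovck27kr/est21175/",
    "http[:]//miracles-of-quran[.]com/css/ny77597/",
    "http[:]//essay[.]essaytutors[.]net/cgi-bin/mqdm65698/",
]

def refang(url: str) -> str:
    # Undo the [:] and [.] defanging so the value can be compared with log data.
    return url.replace("[:]", ":").replace("[.]", ".")

def blocklists() -> tuple:
    # Full URLs and bare hostnames: the hosts catch a changed path or a DNS lookup.
    urls = {refang(u) for u in DEFANGED_URLS}
    return urls, {urlparse(u).hostname for u in urls}

def hash_matches(data: bytes) -> list:
    # Name every advisory hash that this file content matches (empty = no match).
    digests = {a: getattr(hashlib, a)(data).hexdigest() for a in ADVISORY_HASHES}
    return [a for a, h in ADVISORY_HASHES.items() if digests[a] == h]

def find_url_hits(log_lines: list) -> list:
    # (line number, url) for every proxy log request to an advisory URL or host.
    urls, hosts = blocklists()
    hits = []
    for n, line in enumerate(log_lines, 1):
        for url in re.findall(r"https?://\S+", line):
            if url in urls or urlparse(url).hostname in hosts:
                hits.append((n, url))
    return hits

# Constructed proxy log lines for illustration; not taken from the advisory.
SAMPLE_LOG = [
    "2020-01-23T09:12:01 10.0.0.15 GET http://www.4celia.com/wp-admin/2z8/ 200",
    "2020-01-23T09:12:05 10.0.0.15 GET https://example.org/index.html 200",
    "2020-01-23T09:13:40 10.0.0.22 GET http://travalogo.com/other/path/ 404",
]
if __name__ == "__main__":
    for n, url in find_url_hits(SAMPLE_LOG):
        print(f"line {n}: request to advisory indicator {url}")
```

The third sample line matches on hostname alone, which is why the host set is kept alongside the full URLs.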