Rewterz Threat Advisory – CVE-2019-0040 – Juniper Junos OS rpcbind Denial of Service Vulnerability
April 12, 2019
Rewterz Threat Advisory – CVE-2019-0043 – Juniper Junos OS SNMP Packet Handling Denial of Service Vulnerability
April 12, 2019
Severity
Medium
Analysis Summary
RAT malware is actively being spread through a phishing campaign and is being sent to different users. Threat indicators are provided.
Indicators of Compromise
IP(s) / Hostname(s)
- 154.0.26[.]27
- l264.l264849.96[.]lt
URLs
Email Address
- adodo.kokou[@]gim-uemoa[.]org
- elisabet[@]capeunionmart.co[.]za
Malware Hash (MD5/SHA1/SHA256)
Remediation
- Block threat indicators at your respective controls
- Never click on links/attachments sent by unknown senders
- Always be suspicious of emails sent by unknown senders