Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2019-0040 – Juniper Junos OS rpcbind Denial of Service Vulnerability
April 12, 2019Rewterz Threat Advisory – CVE-2019-0043 – Juniper Junos OS SNMP Packet Handling Denial of Service Vulnerability
April 12, 2019
Severity
Medium
Analysis Summary
Rat malware is actively being spread through phishing campaign and is being sent to different users. Threat indicators are provided.
Indicators of Compromise
IP(s) / Hostname(s)
- 154.0.26[.]27
- l264.l264849.96[.]lt
URLs
hxxps://drive.google[.]com/uc?export=download&id=1kaflsznpssrxg_5xs6jlmtyzaz41p1y5
www.diverbooster[.]com
hxxp://www.diverbooster[.]com/transfert/putty.exe
winsec.ddns[.]net
winsec.gotdns[.]ch
hxxps://we[.]tl/t-mizglhghtn
hxxps://wetransfer[.]com/downloads/e5c234ac484973041af77a211ebe2afe20190408032
603/1e5aa2
hxxp://l264.l264849.96[.]lt/adbsro37qtl3cbw9vo0lk2bx8vv7jmx2mlesim9ddw11fem3sjp3iju
oufk/adb1.php?feedback=
hxxp://l264.l264849.96[.]lt/adbsro37qtl3cbw9vo0lk2bx8vv7jmx2mlesim9ddw11fem3sjp3iju
oufk/adoo.php
hxxp://l264.l264849.96[.]lt/adbsro37qtl3cbw9vo0lk2bx8vv7jmx2mlesim9ddw11fem3sjp3iju
oufk/dsp.php
Email Address
- adodo.kokou[@]gim-uemoa[.]org
- elisabet[@]capeunionmart.co[.]za
Malware Hash (MD5/SHA1/SH256)
- 4248ffd7101b479329ed96ebfc381798
- ffd340524000ad59b239595a1b46a420b7483048
- 592cf5d578dd6d377760500c5953677da5850d1a033538d5734b55209117ef58
- 50b86696af7110b504293e0ff3de2df1
- 978293fc8ba5ad99a0644ff4d5396f3bca5f80aa
- 10d36b54486d045b310379517cc521930dcb3d6bc80081ed06e6880d6c972298
- f94ddd13bb6f98a9e51f0140daa8c2a88e70cbfb
- abb79990c4971bedc5f8cf77f028d22eb97ff40d193638a0bb256c0a706e935c
- ef676b5e1bc08a45610697fc84d895dc
Remediation
- Block threat indicators at your respective controls
- Never click on links/ attachments sent by unknown senders
- Always be suspicious about the emails sent by unknown senders