Rewterz Threat Advisory – CVE-2020-13238 – ICS: Mitsubishi Electric MELSEC iQ-R series
June 17, 2020Rewterz Threat Alert – Phishing Campaign Targeting Pakistan Government Organizations
June 17, 2020Rewterz Threat Advisory – CVE-2020-13238 – ICS: Mitsubishi Electric MELSEC iQ-R series
June 17, 2020Rewterz Threat Alert – Phishing Campaign Targeting Pakistan Government Organizations
June 17, 2020Severity
Medium
Analysis Summary
The rise in registering malicious Covid-19 domains continues as threat actors are continuously cashing in on the situation of the global pandemic of CoronaVirus. Thousands of malicious URLs are being registered everyday in lieu to rob the users of their sensitive data and information. It has been seen that the threat actors have continued to carry on their malicious activities in this global crisis. While some of the threat actors are using donation scams to help other people fighting the situation using as close to the real name of the charities while others are trying to lure users with the lookalike URLs of Microsoft, Google, Facebook and other social media and search engines domains.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//covid19remediationservices[.]com
- http[:]//riddoffcovid19[.]xyz
- http[:]//covid19abatementservices[.]com
- http[:]//googlecoronaviras[.]com
- http[:]//googlecoronaviras[.]com
- http[:]//googlecoronavieus[.]com
- http[:]//googlecoronavirys[.]com
- http[:]//covidapple[.]com
- http[:]//covidmicrosoft[.]com
- http[:]//covidfacebook[.]com
- http[:]//covid19pfizer[.]com
- http[:]//covid19-googleplaystore[.]com
- https[:]//kit[.]stop-covid19[.]shop
- https[:]//www[.]stop-covid19[.]shop
- https[:]//covid19[.]ims[.]com
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Always go to legitimate websites and always check the URLs.