Rewterz Threat Alert – LinkedIn Phishing Campaign Spreads Agent Tesla

August 26, 2020

Severity

Medium

Analysis Summary

LinkedIn, the professional networking and job search site, is being used by threat actors as the lure in a social engineering campaign designed to steal users' credentials and deliver malicious binaries. The actors host the malicious content on Yola, a legitimate website hosting service, so that the pages appear more trustworthy. The .NET binaries served from the site belong to the Agent Tesla malware family and to a second family not previously seen in the wild. Their main functionality is information stealing, with the harvested data exfiltrated over SMTP. Agent Tesla appeared frequently in attack campaigns throughout the second quarter of 2020 and is active again.

Impact

  • Credential theft
  • Information theft
  • Data exfiltration

Indicators of Compromise

Domain Name

  • jobsfinder3ee[.]online
  • mpivn[.]org

MD5

  • f89b4dff6e126e9a5f0a64d590f7b42e
  • 072462810ba6e5a7161b35b8535b55bd
  • 78d029254cb2350260967feb983d487f
  • 8cb05c44406adbe13690d816759658da
  • 73ee4b60893b0ccc20079882aae66e2f
  • f4755749ad038edc337c3b23c7b065f5

SHA-256

  • af167a7b57f801b1572494a2b44d8e5320da45093e4dc3bb6658437b9f809feb
  • be0990a7683a879d0ffe1aeb3901bf994c2080eb5ef9c5e55336bbe07f871888
  • d5bd4cf398105b08104ea77d804a4163c7f97416a5f23960c40cdc3d4b23d018
  • f87573a1d89beeff44902d83af24e8653630bddf37d9f8b40ec04d3ee04ac10b
  • e9b819af7e2808e18b14c7ea7d0a634ca4a16e26f244d54f40a1f341439e4f76
  • 5afe2c2b05c7d5ab5cb3542650738d31860466c650450a0266ce6f9f23195232

SHA1

  • 8507798b3102513c97e63a51615eb49565b2725f
  • ad7e6431be53378d5111c782d1c819acc823d01b
  • aa1b9665226299fa66ea9b6801f93a9270cacd65
  • cee5c6eeef1a1c1a423858612f543a345d22cab5
  • 9fe6854715764c713019c3e315c3db5e88f45aeb
  • 255588598aaa210f025f41d8b0afbf132c6537e9

URL

  • http[:]//mpivn[.]org/LinkedIn-jobs
  • https[:]//mpivn[.]org/LinkedIn-jobs/

Remediation

  • Block the threat indicators at their respective controls (web proxy and DNS for the domains and URLs, endpoint and mail security for the file hashes).
  • Do not click on untrusted links that tempt you with job lures.
  • Reach LinkedIn through its legitimate website rather than through links delivered in unsolicited messages.
  • Because the stealer exfiltrates over SMTP, alert on outbound SMTP connections (TCP 25, 465 and 587) from endpoints that are not mail servers.
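The following script is an added example, not part of the Rewterz advisory, showing one way to operationalise the indicator lists above: it refangs the defanged domains and URLs, then checks constructed proxy log lines and a constructed file inventory against them. The log format, IP addresses, file paths and the subdomain-matching rule (treating any host under a listed domain as a hit) are assumptions for the example; only the indicator values are taken from the advisory.

```python
"""Refang the advisory's IoCs and match them against sample logs and file hashes.

Added example (not Rewterz's tooling). Indicator values are copied from the
advisory; the log format, hosts and file paths below are constructed.
"""
import re
from typing import List, Optional, Tuple

# Indicators as printed in the advisory (defanged).
DOMAINS = ["jobsfinder3ee[.]online", "mpivn[.]org"]
URLS = ["http[:]//mpivn[.]org/LinkedIn-jobs", "https[:]//mpivn[.]org/LinkedIn-jobs/"]
HASHES = [
    # MD5
    "f89b4dff6e126e9a5f0a64d590f7b42e", "072462810ba6e5a7161b35b8535b55bd",
    "78d029254cb2350260967feb983d487f", "8cb05c44406adbe13690d816759658da",
    "73ee4b60893b0ccc20079882aae66e2f", "f4755749ad038edc337c3b23c7b065f5",
    # SHA-256
    "af167a7b57f801b1572494a2b44d8e5320da45093e4dc3bb6658437b9f809feb",
    "be0990a7683a879d0ffe1aeb3901bf994c2080eb5ef9c5e55336bbe07f871888",
    "d5bd4cf398105b08104ea77d804a4163c7f97416a5f23960c40cdc3d4b23d018",
    "f87573a1d89beeff44902d83af24e8653630bddf37d9f8b40ec04d3ee04ac10b",
    "e9b819af7e2808e18b14c7ea7d0a634ca4a16e26f244d54f40a1f341439e4f76",
    "5afe2c2b05c7d5ab5cb3542650738d31860466c650450a0266ce6f9f23195232",
    # SHA1
    "8507798b3102513c97e63a51615eb49565b2725f", "ad7e6431be53378d5111c782d1c819acc823d01b",
    "aa1b9665226299fa66ea9b6801f93a9270cacd65", "cee5c6eeef1a1c1a423858612f543a345d22cab5",
    "9fe6854715764c713019c3e315c3db5e88f45aeb", "255588598aaa210f025f41d8b0afbf132c6537e9",
]


def refang(ioc: str) -> str:
    """Convert a defanged indicator to its live form: '[.]' -> '.', '[:]' -> ':', 'hxxp' -> 'http'."""
    return ioc.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


# Normalised lookup sets: lower-case, no trailing slash on URLs.
LIVE_DOMAINS = {refang(d).lower() for d in DOMAINS}
LIVE_URLS = {refang(u).lower().rstrip("/") for u in URLS}
LIVE_HASHES = {h.lower() for h in HASHES}


def host_of(url: str) -> Optional[str]:
    """Extract the host part of a URL (scheme://host[:port]/...)."""
    m = re.match(r"^[a-z]+://([^/:]+)", url.lower())
    return m.group(1) if m else None


def match_url(url: str) -> Optional[str]:
    """Return 'url' for an exact listed URL, 'domain' if the host is a listed
    domain or a subdomain of one (assumed policy), otherwise None."""
    u = url.strip().lower().rstrip("/")
    if u in LIVE_URLS:
        return "url"
    host = host_of(u)
    if host and any(host == d or host.endswith("." + d) for d in LIVE_DOMAINS):
        return "domain"
    return None


def match_hash(digest: str) -> bool:
    """True if the digest (MD5, SHA1 or SHA-256, any case) is in the advisory's list."""
    return digest.strip().lower() in LIVE_HASHES


# Constructed proxy log, one request per line: "timestamp src_ip method url status".
SAMPLE_PROXY_LOG = """\
2020-08-26T09:14:02Z 10.1.4.22 GET https://www.linkedin.com/jobs/ 200
2020-08-26T09:15:40Z 10.1.4.22 GET https://mpivn.org/LinkedIn-jobs/ 200
2020-08-26T09:16:05Z 10.1.4.22 GET http://cdn.jobsfinder3ee.online/update.bin 200
2020-08-26T09:17:11Z 10.1.7.9 GET https://example.com/ 200
"""

# Constructed file inventory: (path, sha256). The second digest is from the advisory.
SAMPLE_FILES = [
    ("C:\\Users\\a.user\\Downloads\\resume.pdf", "0" * 64),
    ("C:\\Users\\a.user\\AppData\\Roaming\\job_offer.exe",
     "AF167A7B57F801B1572494A2B44D8E5320DA45093E4DC3BB6658437B9F809FEB"),
]


def scan_proxy_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (src_ip, url, match_kind) for every log line whose URL hits an indicator."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash mid-scan
        kind = match_url(parts[3])
        if kind:
            hits.append((parts[1], parts[3], kind))
    return hits


def scan_files(files: List[Tuple[str, str]]) -> List[str]:
    """Return the paths whose digest matches a listed hash."""
    return [path for path, digest in files if match_hash(digest)]


if __name__ == "__main__":
    for src, url, kind in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{src} -> {url} [{kind}]")
    for path in scan_files(SAMPLE_FILES):
        print(f"known-bad file: {path}")
```

The URL check falls back to a domain match so that the listed domains are blocked as a whole, not just the two URLs seen so far; extend `HASHES` with both hash types of any sample you triage locally, since the advisory lists MD5, SHA1 and SHA-256 for the same six files.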
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.