Rewterz Threat Alert – WastedLocker Ransomware
July 27, 2020Rewterz Threat Alert – Emotet IOCs
July 27, 2020
Severity
Medium
Analysis Summary
Threat actors are actively standing up phishing sites to rob users of their data and steal personal and financial information. This is ongoing activity: the actors harvest credentials through deceptive e-mails and websites, luring victims to malicious pages that masquerade as well-known platforms such as PayPal, Amazon, Apple, Facebook, Instagram, Steam and HMRC. The indicators below show the recurring tricks: the brand name placed in a subdomain of an unrelated attacker-controlled domain (e.g. paypal[.]3dsecure[.]uk), hyphenated labels such as "com-login" that mimic the brand's real top-level domain, hostnames under dynamic-DNS providers (duckdns[.]org, giize[.]com, kozow[.]com, ooguy[.]com, myftp[.]org, servebeer[.]com) and free TLDs (.tk, .ml). A successful phishing attack can lead to credential theft, account compromise and financial loss.
Impact
- Credentials theft
- Account compromise
- Financial loss
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//freepaypallogin53[.]biz/
- http[:]//facebookes[.]xyz/
- http[:]//hmrc[.]secure-rebate[.]uk/
- http[:]//myapple[.]cfbx[.]jp/
- http[:]//paypal-com-securityserviceaccount[.]yakinsemuaberubah[.]com/
- http[:]//update-payment-revesion-paypal[.]giize[.]com/
- http[:]//allow-secureforamazon-feedback[.]asyantigetshop[.]com/
- http[:]//paypal-limited-user-service[.]giize[.]com/
- http[:]//app2-redirect-amazon-login[.]duckdns[.]org/
- http[:]//appletaxisgatwick[.]co[.]uk/
- http[:]//billing-update[.]kozow[.]com/
- http[:]//billing[.]3dsecure[.]uk/
- http[:]//paypal[.]3dsecure[.]uk/
- http[:]//paypal1active[.]myftp[.]org/
- http[:]//facebook[.]com[.]cdn-c[.]xyz/
- http[:]//mghw-amazonservis9k[.]servebeer[.]com/
- http[:]//service-tempcovid-amazon[.]giize[.]com/
- http[:]//paypal-verification[.]applmanager[.]com/
- http[:]//secure-billing[.]giize[.]com/
- http[:]//primeamazonid[.]giize[.]com/
- http[:]//appleid[.]apple[.]com-verifyacayf8432hrufjnnaiklj[.]memekajgbgsd05[.]com/
- http[:]//cvkw-amazonservis9k[.]servebeer[.]com/
- http[:]//secure[.]paypal[.]com-login-overview[.]elayti[.]com/
- http[:]//secure[.]paypal[.]login-overview[.]dashboard[.]elayti[.]com/
- http[:]//fitwitter[.]com/
- http[:]//secure-paypalaccountverification[.]com/
- http[:]//web-loginsecureamazonserviceacc[.]ooguy[.]com/
- http[:]//eebillingupdates[.]com/
- http[:]//page[.]cgi[.]verification[.]amazon[.]billing-problem[.]info/
- http[:]//littleamazon[.]lukewendt[.]a2hosted[.]com/
- http[:]//paypalmanagementsecurity[.]com/
- http[:]//apple[.]com-ios[.]icu/
- http[:]//webmail-manageserviceaccount-amazonservice[.]giize[.]com/
- http[:]//steamcs-store[.]info/
- http[:]//page[.]cgi[.]verification[.]amazon[.]billing-problem[.]co/
- http[:]//m[.]facebook[.]loginsecureaccount[.]ro/
- http[:]//instagramfromsupport[.]tk/
- http[:]//prch-amazon[.]terms[.]login-auth[.]htsa8237[.]gbrvr[.]com/
- http[:]//webmail-customerserviceaccount-amazonsupport[.]giize[.]com/
- http[:]//apple[.]security[.]account[.]securezappappslogin[.]com/
- http[:]//appleid[.]apple[.]security[.]account[.]securezappappslogin[.]com/
- http[:]//supporthelpinstagram[.]ml/
- http[:]//facebookupdate[.]driverhunter[.]com/
- http[:]//signin[.]amazon[.]supportverificationcenter[.]pdanvd[.]com/
- http[:]//page[.]verification[.]amazon[.]account-update[.]center/
- http[:]//amazon[.]com-systemretry[.]com[.]lockedaccount[.]repair[.]tlsestado[.]xyz/
- http[:]//amazonkpbosb[.]top/
- http[:]//secure[.]pay[.]appleld[.]com[.]apvsregiaodoslagos[.]com/
Remediation
- Block all threat indicators at your respective controls (web proxy, DNS filtering, mail gateway). Where the domain is attacker-registered, block the registrable domain rather than the single URL; for hostnames under shared dynamic-DNS providers, block the specific hostname so legitimate tenants are not affected.
- Treat this list as a point-in-time snapshot: phishing domains rotate quickly, so also alert on the patterns above (brand names in subdomains, "com-" labels, dynamic-DNS hosts, free TLDs) rather than on exact matches alone.
- Always be suspicious of links/attachments sent by unknown senders, and never click on them. Before entering credentials, verify that the registrable domain of the login page is the brand's own domain.
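One way to operationalize the "block all threat indicators" step, as an added example that is not part of the Rewterz alert: the script below refangs the defanged URLs, derives each one's registrable domain (eTLD+1) with a small suffix table, and flags the lookalike patterns visible in the list (brand name in a subdomain, a "com-" label posing as the real TLD, dynamic-DNS hosting, free TLDs). The allowlist of legitimate brand domains, the suffix table, the flag names and the choice of dynamic-DNS providers to treat as public suffixes are assumptions made for this example; the sample input is a subset of the alert's own IOC list.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: a subset of the defanged URLs from the alert's IOC
# list, in the same "- http[:]//host[.]tld/" form the alert uses.
DEFANGED_IOCS = """
- http[:]//freepaypallogin53[.]biz/
- http[:]//hmrc[.]secure-rebate[.]uk/
- http[:]//paypal-com-securityserviceaccount[.]yakinsemuaberubah[.]com/
- http[:]//app2-redirect-amazon-login[.]duckdns[.]org/
- http[:]//paypal[.]3dsecure[.]uk/
- http[:]//appleid[.]apple[.]com-verifyacayf8432hrufjnnaiklj[.]memekajgbgsd05[.]com/
- http[:]//amazon[.]com-systemretry[.]com[.]lockedaccount[.]repair[.]tlsestado[.]xyz/
- http[:]//m[.]facebook[.]loginsecureaccount[.]ro/
- http[:]//instagramfromsupport[.]tk/
"""

# Brands impersonated in the alert's list and the domains they really use.
# The allowlist is an assumption for this example, not part of the alert.
BRANDS = ("paypal", "amazon", "apple", "facebook", "instagram", "hmrc", "steam", "twitter")
LEGIT_DOMAINS = {"paypal.com", "amazon.com", "apple.com", "facebook.com",
                 "instagram.com", "steampowered.com", "twitter.com"}
# Dynamic-DNS / free-subdomain providers seen in the list. They are treated like
# public suffixes so the tenant label, not the provider, becomes the block unit.
DYNDNS_PROVIDERS = ("duckdns.org", "giize.com", "kozow.com", "ooguy.com",
                    "myftp.org", "servebeer.com")
# Minimal public-suffix table covering the TLDs in the list; production code
# should use the full Public Suffix List (e.g. via the tldextract package).
MULTI_LABEL_SUFFIXES = ("co.uk",)
FREE_TLDS = ("tk", "ml")                        # free-registration TLDs in the list
FAKE_TLD_LABEL = re.compile(r"(^|-)com(-|$)")   # "com-login", "paypal-com-x", bare "com"


def refang(ioc: str) -> str:
    """Turn the alert's defanged URL back into a real one."""
    return ioc.replace("[:]", ":").replace("[.]", ".").replace("hxxp", "http")


def parse_iocs(text: str) -> list:
    """Extract and refang every '- url' line of an IOC block."""
    urls = []
    for line in text.splitlines():
        line = line.strip().lstrip("- ").strip()
        if line:
            urls.append(refang(line))
    return urls


def registrable_domain(host: str) -> str:
    """eTLD+1 for host, using the small suffix table above."""
    for suffix in DYNDNS_PROVIDERS + MULTI_LABEL_SUFFIXES:
        if host == suffix:
            return suffix
        if host.endswith("." + suffix):
            prefix_labels = host[: -len(suffix) - 1].split(".")
            return prefix_labels[-1] + "." + suffix
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> dict:
    """Return host, registrable domain, block entry and lookalike flags for a URL."""
    host = urlsplit(url).hostname.lower()
    labels = host.split(".")
    base = registrable_domain(host)
    flags = []
    if any(base.endswith("." + p) for p in DYNDNS_PROVIDERS):
        flags.append("dyndns")
    if labels[-1] in FREE_TLDS:
        flags.append("free_tld")
    # A "com" token in any label except the real TLD mimics the brand's ".com".
    if any(FAKE_TLD_LABEL.search(lab) for lab in labels[:-1]):
        flags.append("fake_tld_label")
    if base not in LEGIT_DOMAINS:
        if any(b in base for b in BRANDS):
            flags.append("brand_lookalike_domain")   # brand baked into eTLD+1
        if any(b in host and b not in base for b in BRANDS):
            flags.append("brand_in_subdomain")       # brand only in the subdomain
    # The registrable domain is the block unit; for dyndns hosts it is the tenant.
    return {"url": url, "host": host, "base": base, "block": base, "flags": flags}


def build_blocklist(urls: list) -> list:
    """Deduplicated block entries for every indicator (the alert says block all)."""
    return sorted({classify(u)["block"] for u in urls})


if __name__ == "__main__":
    urls = parse_iocs(DEFANGED_IOCS)
    for entry in map(classify, urls):
        print(f'{entry["host"]:<70} block={entry["block"]:<40} {",".join(entry["flags"])}')
    print("\nblocklist:", *build_blocklist(urls), sep="\n  ")
```

The allowlist check is the important caveat: a brand name on its own is not evidence, since www.paypal.com contains "paypal" too; the rule only fires when the registrable domain is not the brand's own.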