June 15, 2020
Severity
Medium
Analysis Summary
LODEINFO is malware that targets Japanese users; it is still active and could shift its focus to other countries as well. It is distributed via spear-phishing emails whose attachment file names reference the new coronavirus. All known attacks originate from targeted emails carrying a Word or Excel document as the attachment. When the recipient opens the attachment and enables the macro, the embedded LODEINFO payload is written to the host and executed. The email subject may concern coronavirus updates, or the message may pose as a resume or job application sent to a company. LODEINFO is under frequent development and attacks using it have been confirmed. It is possible that attacks using this malware will continue in the future.
Impact
Exposure of sensitive data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your existing environment.