November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-13525 – ICS: Honeywell IP-AK2
October 25, 2019Rewterz Threat Advisory – CVE-2017-5638 – Apache Struts Exploit Attempts
October 25, 2019Rewterz Threat Advisory – CVE-2019-13525 – ICS: Honeywell IP-AK2
October 25, 2019Rewterz Threat Advisory – CVE-2017-5638 – Apache Struts Exploit Attempts
October 25, 2019
Severity
Medium
Analysis Summary
An analysis of domain registration details used by Magecart Group 5 shows ties to domains used by the Carbanak group (aka Anunak and Carbon Spider) according to a report published by Malwarebytes Labs’ researchers. The investigation began by focusing on a group of domains known to be used by Magecart Group 5 that yielded a domain for which the registrant details were not obscured by privacy protection services. The registration details in turn led to domains used in a phishing campaign that distributed a Dridex loader, which in turn delivered either the Dridex or Carbanak malware, depending on the target. The phone number in the domain registration details was also linked to Carbanak group by other research.
Impact
Credential theft
Indicators of Compromise
URL
- corporatefaxsolutions[.]com
- onenewpost[.]com
- xeronet[.]org
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.