Rewterz Threat Alert – AgentTesla Delivered via a Malicious PowerPoint Add-In
June 1, 2020Rewterz Threat Alert – Qakbot Spreads through VBS Files
June 2, 2020Rewterz Threat Alert – AgentTesla Delivered via a Malicious PowerPoint Add-In
June 1, 2020Rewterz Threat Alert – Qakbot Spreads through VBS Files
June 2, 2020Severity
Medium
Analysis Summary
The rise in registering malicious Covid-19 domains continues as threat actors are continuously cashing in on the situation of the global pandemic of CoronaVirus. Thousands of malicious URLs are being registered everyday in lieu to rob the users of their sensitive data and information. It has been seen that the threat actors have continued to carry on their malicious activities in this global crisis. While some of the threat actors are using donation scams to help other people fighting the situation using as close to the real name of the charities while others are trying to lure users with the lookalike URLs of Microsoft, Google, Facebook and other social media and search engines domains.
Impact
- Credential theft
- Information theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//covid19remediationservices[.]com
- http[:]//riddoffcovid19[.]xyz
- http[:]//covid19abatementservices[.]com
- http[:]//googlecoronaviras[.]com
- http[:]//googlecoronavieus[.]com
- http[:]//googlecoronavirys[.]com
- http[:]//googlecoronaviru[.]com
- http[:]//coronasmask[.]space
- http[:]//www[.]covidvirus[.]guru
- http[:]//covidvirus[.]guru
- http[:]//covid-19microsoft[.]com
- http[:]//ggooglecovid19[.]com
- http[:]//googlecorona[.]com
- http[:]//googlecovid[.]com
- http[:]//xmysecure2-facebookcovid19petition[.]ga
- http[:]//googleccovid19[.]com
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.