Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity: Medium
Analysis Summary
A recent campaign has been observed distributing the Ursnif banking Trojan and the GandCrab ransomware through fileless infection techniques. The main infection vector of both campaigns is malicious macro-embedded Word documents sent to potential victims via phishing emails. Ursnif, also known as Gozi, has been leveraged by threat actors targeting the financial sector since 2007 to steal credentials and other sensitive information. GandCrab, by contrast, is one of the more recently discovered ransomware families and has been used to steal millions of dollars.
Impact
Indicators of Compromise
URLs
Hash (MD5/SHA1/SHA256)
Remediation