April 16, 2019
Severity
Medium
Analysis Summary
A new malspam campaign has been observed dropping the GandCrab ransomware and is currently delivering malicious URLs to different users. Threat indicators are provided.
Indicators of Compromise
URLs
- hxxp://gandcrabmfe6mnef[.]onion
- gandcrabmfe6mnef[.]onion
- static.vnpt[.]vn
- host-197.47.127.218.tedata[.]net
Malware Hash (MD5/SHA1/SHA256)
67a47e0a6ed5bfa599bcfea2887be482d83e463d
1f8493ab101a1fc31592d7ff7fe983bdeb0005e8
Remediation
- Block threat indicators at your respective controls
- Never click on links or attachments sent by unknown senders
- Always be suspicious of emails sent by unknown senders