Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – SAP NetWeaver Business Client Unspecified Vulnerabilities
March 19, 2019Rewterz Threat Alert – Malicious IPs and Domains
March 19, 2019
Severity
Medium
Analysis Summary
Following malspam campaigns have been reported:
- A FormBook Malware Phishing using the subject “Revised document”
- A O365 Themed Phishing Email using the subject “A file has been shared with you”
- A Spear Phishing Email containing a suspicious phishing URL, using the subject “Fed Reporter”
- An Emotet Phishing malspam with PDF attachments containing embedded malicious URLs. It uses the subject “Firstname> Online Payment Summary March 2019”
- An AMEX-themed phishing email with the subject, “Your Account Has Been Flagged !” that contains a malicious PDF.
- An Apple-themed Phishing e-mail with the subject line “[ New Update ] [ Receipt Invoice ] [ #ID8461164 ] Thanks for your order in App store at March 14, 2019”.
- A vacation tours website (niagaratours[.]ca) has been compromised and all the payment and personal information entered into the site is sent to the attacker-controlled domain at handelaar[.]org.
- A Trickbot Malspam campaign using the subject “Deposit 91369724 paid 02/26/2019”
Impact
Phishing
Malware infection
Emotet
Trickbot
Indicators of Compromise
| IP(s) / Hostname(s) | 109.74.194[.]49 |
| URLs | niagaratours[.]ca handelaar[.]org hxxp://niagaratours[.]ca/niagara/ hxxp://handelaar[.]org/validation[.]php?image_id= |
| Email Subject | A file has been shared with you Revised document Fed Reporter Online Payment Summary March 2019 Your Account Has Been Flagged ! [ New Update ] [ Receipt Invoice ] [ #ID8461164 ] Thanks for your order in App store at March 14, 2019 Deposit 91369724 paid 02/26/2019 |
Remediation
- Block the threat indicators at their respective controls.
- Scan for the email subjects and if found, block the related email addresses, URLs, etc.
- Do not download email attachments coming from unknown sources.
- Always scan files downloaded from internet prior to execution.