Rewterz Threat Alert – Malicious IPs and Domains
March 19, 2019
Severity
Medium
Analysis Summary
The following threat indicators have been retrieved from multiple malware and phishing campaigns. These malicious IPs and domains are involved in dropping various Trojans and other malware.
Impact
- Olympic Destroyer
- AutoIT malware
Indicators of Compromise
IP(s) / Hostname(s):
- 159.148.186[.]116
- 5.133.12[.]224
- 86.96.193[.]134

URLs:
- accountservice[.]org
- ilmuniversityonline[.]com
- newage[.]minernewage[.]com
- newage[.]newminersage[.]com
- newage[.]radnewage[.]com

Filename:
- verclsid.exe
- streamer.exe
- stream.txt
Malware Hash (SHA256):
Remediation
- Block the threat indicators at their respective controls.
- Keep operating system patches up-to-date.
- Never click links or open attachments sent by unknown senders.
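As an added example (not part of the original alert), the following Python script refangs the published IP and domain indicators above and matches them against DNS/proxy log lines; the log format and the sample lines are constructed for this example and are not from the alert.

```python
import re

# Indicators as published in the alert above (defanged with "[.]").
ALERT_IPS = ["159.148.186[.]116", "5.133.12[.]224", "86.96.193[.]134"]
ALERT_DOMAINS = [
    "accountservice[.]org",
    "ilmuniversityonline[.]com",
    "newage[.]minernewage[.]com",
    "newage[.]newminersage[.]com",
    "newage[.]radnewage[.]com",
]

def refang(indicator: str) -> str:
    """Turn the defanged published form back into a matchable value."""
    return indicator.replace("[.]", ".").lower()

IOC_IPS = {refang(i) for i in ALERT_IPS}
IOC_DOMAINS = {refang(d) for d in ALERT_DOMAINS}

# Hypothetical log format, constructed for this example:
# "<timestamp> <client_ip> <destination_ip> <requested_host>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<host>\S+)$")

def find_ioc(host: str, dst_ip: str):
    """Return the matched indicator, or None. IP match is checked first,
    then the domain itself or any subdomain of it (dot-boundary only)."""
    if dst_ip in IOC_IPS:
        return dst_ip
    host = host.lower().rstrip(".")
    for domain in IOC_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def scan_log(lines):
    """Return (timestamp, client_ip, matched_indicator) for each hit;
    lines that do not fit the expected format are skipped."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        ioc = find_ioc(m.group("host"), m.group("dst"))
        if ioc is not None:
            hits.append((m.group("ts"), m.group("src"), ioc))
    return hits

# Constructed sample log: one benign request, one hit by destination IP,
# one hit by domain (case-insensitive), one near-miss, one malformed line.
SAMPLE_LOG = [
    "2019-03-19T10:01:02Z 10.0.0.5 93.184.216.34 www.example.com",
    "2019-03-19T10:02:10Z 10.0.0.7 5.133.12.224 cdn.accountservice.org",
    "2019-03-19T10:03:44Z 10.0.0.9 203.0.113.8 ILMUniversityOnline.com",
    "2019-03-19T10:04:00Z 10.0.0.11 198.51.100.2 notaccountservice.org",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("IOC hit:", hit)
```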