November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – MuddyWaters APT Recent Activity and Indicators of Compromise
April 19, 2019Rewterz Threat Advisory – CVE-2019-10955 – Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers
April 24, 2019Rewterz Threat Alert – MuddyWaters APT Recent Activity and Indicators of Compromise
April 19, 2019Rewterz Threat Advisory – CVE-2019-10955 – Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers
April 24, 2019
Severity
Medium
Analysis Summary
Multiple phishing campaigns have been observed as follows:
- Suspicious email in Portuguese containing a malicious URL
- ACH Themed Phishing email that directs to a Microsoft-themed credential harvesting page.
- Maybank-themed Phishing Email with the subject “Re: RN/190419/003 : RE: error”, containing a malicious embedded URL.
Impact
- Malware Infection
- Credential Theft
Indicators of Compromise
URLs
- root[@]live[.]com
- hxxps://www.careerfirst[.]lk/courses/scripts/pc/?cliente=
Email Subject
- ACH Remittance Advice
- Re: RN/190419/003 : RE: error
Remediation
- Scan for the threat indicators and block at their respective controls, if found.
- Do not click on links received in emails from untrusted sources.