Rewterz Threat Advisory – CVE-2020-1946 – Apache SpamAssassin command execution
March 25, 2021Rewterz Threat Advisory – Multiple OpenSSL Security Vulnerabilities
March 26, 2021Rewterz Threat Advisory – CVE-2020-1946 – Apache SpamAssassin command execution
March 25, 2021Rewterz Threat Advisory – Multiple OpenSSL Security Vulnerabilities
March 26, 2021Severity
Medium
Analysis Summary
NanoCore is a remote access tool (RAT). In most cases, this malware is distributed using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with malware such as NanoCore. The presence of this malware can result into data exfiltration, since the malware
distributor gains remote access to the infected system. The malware is also capable of disabling some tools, stealing credentials and sensitive information.
Impact
- Credential Theft
- Unauthorized Access
- Theft of Sensitive Information
Indicators of Compromise
URL
- https[:]//github[.]com/servcloudbackup/framework/raw/main/Update%20of%20the%20OFFICE%20PACK[.]xlam
- http[:]//45[.]14[.]226[.]221/cdfe/Fack[.]jpg
- https[:]//cdn[.]discordapp[.]com/attachments/814408945828626445/822323767334273094/VEqScSTKqHP3LQI[.]exe
- https[:]//cdn[.]discordapp[.]com/attachments/349874574349041665/743459482046038046/proxShareRaw[.]exe
- http[:]//cdn[.]discordapp[.]com/attachments/692018337919795271/818229316168187934/booter[.]exe
- http[:]//covid19vaccine[.]hopto[.]org/march%20nano[.]exe
- https[:]//zarpli[.]com/aab[.]txt
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.