

Rewterz Threat Alert – Bandook Malware Targets Multiple Sectors
November 27, 2020
Rewterz Threat Alert – StrongPity APT-C-41
November 30, 2020
Rewterz Threat Alert – Bandook Malware Targets Multiple Sectors
November 27, 2020
Rewterz Threat Alert – StrongPity APT-C-41
November 30, 2020Severity
Medium
Analysis Summary
NanoCore is a remote access tool (RAT). In most cases, this malware is distributed using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with malware such as NanoCore. The presence of this malware can result into data exfiltration, since the malware distributor gains remote access to the infected system. The malware is also capable of disabling some tools, stealing credentials and sensitive information.
Impact
- Credential Theft
- Unauthorized Access
- Theft of Sensitive Information
Indicators of Compromise
MD5
- 87e77797615466baa21cde3f7bb347f2
- d17a52d8263a29f0afffc30761720be6
- 466374834392ddb16028e2e90a695e22
- ddb5d5410477cd3855a1f542112808c0
- bb6f9ffd7714ccbadf5d6d37efc73c1a
SHA-256
- d50a35f05df59b5b35e07dd204e5312629b3670b09da6801c56f89c5aef8ff6b
- 96a34a59ffd94ac128d876e672507847b2ca5261b5819ae1db1402ff641375ad
- 413071284c887dc820673640fef4d8c0f3eb4e23db3ef3f3c4b10c4e76b531a8
- 9f76f4b990ce938d48b11501ad00d99795b172b44b1f94ea7ca3a26ceb64c1d5
- bd8cfbef2d3351bf256ed71484202f8351fe4705d32a23f8afa0b7e86b5aa250
SHA1
- 9cd228af2ea1f503fe76ed0ead2cfaab8ce7f08a
- ff9fa32a78a32e735ea679041af9346947c0e6de
- 7bbdf8489efde85fc286a9e1e74d1105fa92e09a
- 5fc06ec885cafa6e8f955651b9e2115b705b2b4d
- 167f22c4e387dd05b4dd0bd3e172f4f805572b07
Source IP
- 185[.]19[.]85[.]135
URL
- http[:]//poseidon99[.]duckdns[.]org/
- https[:]//poseidon99[.]duckdns[.]org/
Remediation
- Block the threat indicators at their respective controls.
- Do not download files from untrusted emails.
- Enable multi-factor authentication where possible.