Rewterz Threat Alert – Advanced Attack Tools Target Non-patched Systems to Distribute Cryptocurrency Miners
June 14, 2019
Rewterz Threat Advisory – CVE-2019-5842 – Google Chrome Blink Use-After-Free Vulnerability
June 17, 2019
Severity
Medium
Analysis Summary
The NanoCore Remote Access Trojan (RAT) is being spread through malicious documents and URLs. The threat indicators observed in this campaign are listed below.
Impact
- Credential theft
- Exposure of sensitive information
Indicators of Compromise
IP(s) / Hostname(s)
- 213[.]238[.]177[.]12
- 185[.]244[.]31[.]27
- 185[.]244[.]31[.]137
URLs
- hxxp[:]//bukis228[.]ddns[.]net
- hxxp[:]//sistemkalip[.]net/flycheck/Ticketmasterconfirmation3883948383948394[.]7z
Email Address
- jettashped[@]gmail[.]com
- jpedragosa[@]novomatic[.]com
Malware Hash (SHA256)
- 5e2a79a613f7afe4cacb4b29d5cd8eb719b44c8208f7939016818c710c228a9a
- 2a356f3cc5daf93b2b43a54dbe77683b19176870498eaf2e0104db3ca5426e52
- f9106b2667bca64ff737aa0dd6f1d6e15df6583a14f8d3bdfa682cd792ee7233
Remediation
- Block all threat indicators at your respective controls
- Treat emails from unknown senders with suspicion
- Never click links or open attachments sent by unknown senders
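The indicators above are published defanged (`[.]`, `[@]`, `[:]`, `hxxp`), so they must be refanged before they can be matched against proxy, DNS or mail logs, or against file hashes. The following Python is an added example and not Rewterz's code: it refangs the IOCs listed in this alert, scans a handful of constructed log lines (not real traffic; the log format is assumed) for them, and checks a file's SHA-256 against the listed hashes. Hosts are matched on their own as well as inside URLs, so a download from the same host under a different path is still flagged.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the alert above, in Rewterz's defanged notation.
DEFANGED_IPS = [
    "213[.]238[.]177[.]12",
    "185[.]244[.]31[.]27",
    "185[.]244[.]31[.]137",
]
DEFANGED_URLS = [
    "hxxp[:]//bukis228[.]ddns[.]net",
    "hxxp[:]//sistemkalip[.]net/flycheck/Ticketmasterconfirmation3883948383948394[.]7z",
]
DEFANGED_EMAILS = ["jettashped[@]gmail[.]com", "jpedragosa[@]novomatic[.]com"]
SHA256_HASHES = {
    "5e2a79a613f7afe4cacb4b29d5cd8eb719b44c8208f7939016818c710c228a9a",
    "2a356f3cc5daf93b2b43a54dbe77683b19176870498eaf2e0104db3ca5426e52",
    "f9106b2667bca64ff737aa0dd6f1d6e15df6583a14f8d3bdfa682cd792ee7233",
}


def refang(indicator: str) -> str:
    """Undo the defanging ([.] [@] [:] hxxp) so the indicator can be matched against live data."""
    live = indicator.replace("[.]", ".").replace("[@]", "@").replace("[:]", ":")
    live = re.sub(r"^hxxp", "http", live, flags=re.IGNORECASE)  # hxxp:// -> http://, hxxps:// -> https://
    return live.lower()


# Live-form lookup sets, built once from the defanged lists.
IOC_IPS = {refang(ip) for ip in DEFANGED_IPS}
IOC_URLS = {refang(url) for url in DEFANGED_URLS}
IOC_HOSTS = {urlsplit(url).hostname for url in IOC_URLS}
IOC_EMAILS = {refang(addr) for addr in DEFANGED_EMAILS}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Whole-token match for a bare hostname (e.g. in a DNS log), not a substring of a longer name.
HOST_RES = {h: re.compile(r"(?<![\w.-])" + re.escape(h) + r"(?![\w-])") for h in IOC_HOSTS}


def scan_line(line: str):
    """Return the (category, indicator) pairs from the alert that appear in one log line."""
    text = line.lower()
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # trailing punctuation a log formatter may have appended
        if url in IOC_URLS:
            hits.append(("url", url))
        elif urlsplit(url).hostname in IOC_HOSTS:
            hits.append(("host", urlsplit(url).hostname))
        text = text.replace(url, " ")  # do not count the host a second time inside a flagged URL
    for host, pattern in HOST_RES.items():
        if pattern.search(text):
            hits.append(("host", host))
    for ip in IPV4_RE.findall(text):
        if ip in IOC_IPS:
            hits.append(("ip", ip))
    for addr in EMAIL_RE.findall(text):
        if addr in IOC_EMAILS:
            hits.append(("email", addr))
    return hits


def scan_log(lines):
    """Scan a whole log, returning (1-based line number, category, indicator) for every hit."""
    return [(n, cat, val) for n, line in enumerate(lines, 1) for cat, val in scan_line(line)]


def sha256_is_known(hexdigest: str) -> bool:
    """True if a SHA-256 hex digest is one of the hashes listed in the alert."""
    return hexdigest.lower() in SHA256_HASHES


def file_is_known(data: bytes) -> bool:
    """Hash file contents (e.g. a downloaded archive) and compare against the alert's hashes."""
    return sha256_is_known(hashlib.sha256(data).hexdigest())


# Constructed sample log lines (not real traffic): proxy, DNS and mail events in an assumed format.
SAMPLE_LOG = [
    "2019-06-18T09:12:03Z 10.0.0.5 GET http://sistemkalip.net/flycheck/Ticketmasterconfirmation3883948383948394.7z 200",
    "2019-06-18T09:13:44Z 10.0.0.7 CONNECT 185.244.31.27:443 -",
    "2019-06-18T09:14:02Z dns 10.0.0.7 query A bukis228.ddns.net",
    '2019-06-18T09:15:10Z smtp from=<JettaShped@gmail.com> to=<finance@example.com> subject="Ticketmaster confirmation"',
    "2019-06-18T09:16:00Z 10.0.0.9 GET http://www.example.com/index.html 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("benign sample matches hash list:", file_is_known(b"not the sample"))
```

Matching is case-insensitive and the URL match is exact; anything from a listed host that does not match the full URL (a different path, a trailing slash) is reported as a host hit instead, which is what you want when blocking at a proxy or DNS resolver.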