Rewterz Threat Alert – SLUB Backdoor Uses GitHub, Communicates via Slack
March 8, 2019
Rewterz Threat Alert – Malspam NanoCore RAT Malware – IoCs
March 11, 2019
Severity
Medium
Analysis Summary
Nymaim malware has been spread through various phishing emails, which drop malicious URLs through .exe and .doc files.
Impact
Nymaim malware infection
Indicators of Compromise
IP(s) / Hostname(s) | 209.141.61[.]249, 49.51.137[.]228 |
URLs | feustegeh[.]com, jestowendo[.]com |
Filename | Vicky_Linsey_Resume.doc, Vicky_Linsey_Resume.docm |
Malware Hash (MD5/SHA1/SHA256) | 2cc1db846ad6a94c17de63829f598ac11fc9307f3d61fd4406c2c9cb5977d17f, 692d1d6f27420e4298cd6150625dcbca36edc7ab09c90cae4b1e0e6d82ed4dd1, c1c025a386c824332f43e6ab418288b07c186e1ee80312ade999fab867c6f2f5 |
Remediation
- Block the threat indicators at your respective controls
- Always be suspicious of emails sent by unknown senders
- Never click on links or open attachments sent by unknown users/senders
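
Before blocking, it is worth checking whether any host has already touched these indicators. The following is an added example, not part of the original alert: it refangs the indicators listed above and matches them against log lines, treating subdomains as hits but not look-alike substrings. The log format and the sample lines are constructed for illustration.

```python
import re

# Indicators copied from this alert, defanged exactly as published.
DEFANGED = ["209.141.61[.]249", "49.51.137[.]228",
            "feustegeh[.]com", "jestowendo[.]com"]
SHA256 = {
    "2cc1db846ad6a94c17de63829f598ac11fc9307f3d61fd4406c2c9cb5977d17f",
    "692d1d6f27420e4298cd6150625dcbca36edc7ab09c90cae4b1e0e6d82ed4dd1",
    "c1c025a386c824332f43e6ab418288b07c186e1ee80312ade999fab867c6f2f5",
}
HOSTS = {i.replace("[.]", ".").lower() for i in DEFANGED}  # refang
IPS = {h for h in HOSTS if re.fullmatch(r"[0-9.]+", h)}
DOMAINS = HOSTS - IPS

def match_token(tok):
    """Return the indicator a log token matches, or None."""
    tok = tok.lower().strip(".")
    if tok in IPS or tok in SHA256:
        return tok
    for dom in DOMAINS:
        # Exact domain or a subdomain of it, never a bare substring.
        if tok == dom or tok.endswith("." + dom):
            return dom
    return None

def scan(lines):
    """Return [(line_number, indicator)] for lines that touch an IoC."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in re.findall(r"[A-Za-z0-9.-]+", line):
            ioc = match_token(tok)
            if ioc:
                hits.append((n, ioc))
                break  # one hit per line is enough to flag it
    return hits

# Constructed proxy / mail-gateway log lines (hypothetical format).
SAMPLE_LOG = [
    "2019-03-11T09:14:02Z 10.0.4.17 GET http://feustegeh.com/ 200",
    "2019-03-11T09:14:05Z 10.0.4.17 CONNECT cdn.JESTOWENDO.com:443 200",
    "2019-03-11T09:15:40Z 10.0.4.22 GET http://notfeustegeh.com/ 200",
    "2019-03-11T09:16:11Z 10.0.4.22 CONNECT 209.141.61.249:443 200",
    "2019-03-11T09:16:30Z 10.0.4.31 CONNECT 209.141.61.24:443 200",
    "2019-03-11T09:17:00Z mailgw file=Resume.doc sha256="
    "692d1d6f27420e4298cd6150625dcbca36edc7ab09c90cae4b1e0e6d82ed4dd1",
]

if __name__ == "__main__":
    for line_no, ioc in scan(SAMPLE_LOG):
        print(f"line {line_no}: matched {ioc}")
```

Lines 3 and 5 of the sample are deliberate near-misses: a domain that merely contains an indicator as a substring and an IP that is a prefix of one.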