Rewterz Threat Alert – Maze ransomware – IOCs
December 23, 2019Rewterz Threat Advisory – CVE-2019-19781 – Citrix Application Delivery Controller and Citrix Gateway RCE Vulnerability
December 24, 2019Rewterz Threat Alert – Maze ransomware – IOCs
December 23, 2019Rewterz Threat Advisory – CVE-2019-19781 – Citrix Application Delivery Controller and Citrix Gateway RCE Vulnerability
December 24, 2019Severity
High
Analysis Summary
New PowerShell-based malware resembles QUADAGENT. PowDesk checks for the presence of LANDesk Agent folder and service before C&C beacon.
Oilrig keep focusing on the IT supply chain domain, now via LANDesk agent.
Impact
Exposure of sensitive information
Indicators of Compromise
SHA-256
8406ca490c60ec41569b35f31f1860ff4663bba44d1daac64760ecdfe694203d
URL
http[:]//lcepos[.]com/php/reclaimlandesk[.]php
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachment sent by unknown senders.