Rewterz Threat Alert – Promethium’s StrongPity3 Targeting New Victims

July 1, 2020

Severity

High

Analysis Summary

The PROMETHIUM threat group has been expanding its attempts to infect new targets, most likely in Colombia, India, Canada, and Vietnam, with its StrongPity3 malware. The group is distributing the malware through four trojanized setup files for Firefox, VPNpro, DriverPack, and 5kPlayer. The delivery vector is not known at present; given the nature of the trojanized installers, the initial vector could be a watering hole or in-path interception. The trojanized installers install both the legitimate application and the malicious components, apparently to disguise the installation of the latter. The installers also alter Windows Defender so that the malicious files can be dropped without being detected. The malware is capable of exfiltrating any Microsoft Office files it finds.

The differences between StrongPity2 (SP2) and StrongPity3 (SP3) are few. First, SP3 no longer uses libcurl and communicates with its C2 node(s) using winhttp only. Second, persistence, which SP2 achieved through a registry key entry, is now achieved through a created service; the service name changes from package to package.

Impact

  • Data exfiltration
  • Detection evasion
  • Security bypass

Indicators of Compromise

Domain Name

  • state-awe3-apt[.]com
  • hostoperationsystems[.]com
  • cdn2-system3-secrv[.]com
  • ms6-upload-serv3[.]com
  • update5-sec3-system[.]com
  • upd8-sys2-apt[.]com
  • mentiononecommon[.]com
  • safecopydisk[.]com
  • network-msx-system33[.]com
  • upd32-secure-serv4[.]com
  • mailtransfersagents[.]com
  • secure-upd21-app2[.]com
  • syse-update-app4[.]com
  • app-system2-update[.]com
  • mx3-rewc-state[.]com
  • fileservingpro[.]com
  • inhousesoftwaredevelopment[.]com
  • system2-cdn5-mx8[.]com
  • upd-ncx4-server[.]com
  • apt5-secure3-state[.]com
  • file3-netwk-system[.]com
  • upd3-srv-system-app[.]com
  • system2-access-sec43[.]com
  • service-net2-file[.]com
  • updt-servc-app2[.]com
  • ms-sys-security[.]com
  • ms21-app3-upload[.]com
  • awe232-service-app[.]com

SHA-256

  • 84942df440c892c1e63aff41d9fe4694ea4b8a9102c62faf07c4510671abef13
  • c59544a76fd425b76d7d9b4805d817c8a91a6a63c9862200c927e27efcd20bfa
  • bdbc514e274d70e260620d9b7dcfc3ee4cf4eb321474dfbd1eb81d2f17cebc23
  • b75fbe3b21d83e2000928349d1610f292e1a4c072fd0454309fe1c6c7d85ff46
  • 5cb8f86e03a544531d972e132c81d6785b66dd1b15b6c35a0a04fd83a8bed695
  • f8c953a9b737c5fe69ab9cfb5b20d576f15396a40de10ea6c3216042a97132f4
  • 783b3c61a4069f0325f3560ab9664ff5fb381f37b08a3d4eb4866ba6bc194135
  • 3e58d7efc5e03bd06f227041e5c73f4ecfa5e35ca8419a9ff8b8571eafd34e48
  • c72bf8537fc189b81855666d7f59ad8e24011c735921a15932275757a485e7a4
  • 17adbb68c3410d3f1c4c19b1808149e74148839f1c082c3011bff86ddb71acb4
  • dbd6393bf96518218b4f4522aef4ffa27e517cbce7252841b86031354aec031a
  • e4135bfeda1de00c3834f7782b77fdb2811f5d07fc60f643553426d9e45b664c
  • dd40b8ddb5a5795536a65cc0ab6dcc84862d4e14965cde6b4e9ad2b89a0e3905
  • e80034618538abc1c86a7021ab869c4ce63429d35adbaf8c07ce25f297a61bd2
  • 3ce08ada9cf964789ce70fd2637ded197ac5b154e0b71e9cdb4d99de7ab52267
  • 02d68d2a9b62d1fd79c80e7c01182d18966a8fccc07d997b0f4c3ef71e87910f
  • d0ee66f8be0ed721774391365604de70dda4751213a667812e4c4a661f71559d
  • 80ad6598f6e0b7c2b7258cbb69aa782dbcac308ca3d9d451b9bb5290b943a58f
  • 5190c4fbddb2bfd08ce4a11714ec54dcaf57978f6193720c5b2c7127ef2c5f1f
  • 2c3b3c085b3992ab105bbc4696391f4f81374c54bb8966e53d2b2de8b7648681
  • 2b62a469fa9737dabc52840a741a7d71c86c74bd6909c30cb481e2d66e0df75e
  • 835a545fe93bfa75931079ef36169bfc56906f74b9b9862848ff79534b33f416
  • 3165650b667f315eae56895ee2041ffb17f89a92b034efd045f5e88bf788016d
  • fad11a279c6fe195f8110702f962c5296015344da17919b361f73f7f504063ca
  • 3feb6ecbc3b5f4ef64cf974fc117e58ac750188c483c488dd5b5970263bfdb0e
  • 5b5b0a0ff8e5bdf11657e0134a638a818e31af9517e5feffea247eaa2660ee23
  • 4282ac2c4b38f2fa79b3f77f9af80053befb69634f8e93d9e1941a600ae08857
  • c790e1916a475fbc18e7f239acf0d9399234cf2160529ba25ab44179674d549a
  • 154f3f4338184bc113dc874de6270a025d6d9c3d2a989f2b32d7d90fa222e0c9
  • 211aae5346741680cb921d73e2833368cd0f0cc36e15b16115599554dcb2386d
  • 2ed2553ec6efdf24266be1eb812ab1978ec926d1b8bf281a547be2e43173eeee
  • d63533bb200525a0a88a68c592c8d4f534fcf83b0acf8ec6be24b7059b0352ae
  • a6298a1b8c9844764c731327bb1daa7abd50cd85b9f5556e38bd5c88b8184cc4
  • 8e670fc7e22d0fa3eb96262686bd7eec18f81e3dc1eb9b55526078ffd9ae00c3
  • b06ab1f3abf8262f32c3deab9d344d241e4203235043fe996cb499ed2fdf17c4
  • 55e83292bd9a1f843639bfb98648a40b931a9829d62e6b23904034c417ffa430
  • 24e8f4917bb3cf7d6fd91fc1c95e978ea75a0e6da9033911e48b0fda94be62af
  • e2cd8fd988a9a08f4bd73d7343ae54e68ee2a0a4728277792115edc86900e899
  • a4377256776becf75f0f61874cfec3729e17e894f5c9fc1576321f0398142878
  • ea4b507c3236b56ef4ea44f5ac9a531a175d643d184e356ae8833d36c1957372
  • a1ce1b78cc1a9d6092b086f2d0796cde519033ec0935d9cecdea86b6cda87882
  • 55b0bc3b61ee76561ffaa1323fd20a9522e786bfa5eadbba621582ad529ff9e1
  • c1787de8b5a293197582000d8b94095d8377a5d42aa0b4940a7039cbf4df4b72
  • 11849a6fcb76267676532422db4e9bf4f5c8c525fea0d950f844736bedb8b53e
  • b1916e7de11e87fa45c222d0532955e781f6695ae0ee15775894d3b3aa72ba98
  • 68f5819687e8f410dea315f32cd04e33ca7c3ec62e9bb9bae9e03b5ded29970e
  • c936e01333e3260547a8c319d9cfc1811ba5793e182d0688db679ec2b30644c5
  • a83a882fbe094f4d00a8dc589869adc8a1432a966295fa0c46c2afcced3aac1f
  • 2ab2a6e863538b162b0c7b4287b3e9f65116a9ad9efce6ebb9018c69bbf71460
  • ea750383d3af605e5cdf2647b9cd30886aa8a428b3bcf6bc96cc178c9afa78d9
  • b4548a933d5a59d096d75ad4c6aec1046017a62ca2a1d59edd2d97d760dca1eb
  • 03c314990a8d262530f114092c85fd9ddcbd8c423f8bd769864809d1af2f5fad
  • b1413688f6452b07129e5182311c7efd628bb795613c23fc58c4202e38dda4e7
  • 8e3993583cd2506ccbac4b247949ddee7d6971432576a0f9c485f9f0942054ae
  • f1a3c2bd241e09f4e98ca15c0d3d804297086c84883d81bb8b74960c6e986555
  • 44ba0bfe401a07f4570fd3ca26f5955350ac831a21326face55465f8d9a7ec52
  • 418203a531ceb1f08a21b354bc0d3bf8f157c76b521495c29639d7bffa416b38
  • 2a7898573bd8be121eda249e7521efd2d599354d51fabae7edafef9d60dae8b1
  • 40e99d0dfc27c66170ed57610a1c3cc9a0b6e87a0d544d739f828f10faf2758b
  • ff8b71b7e9b320d272babb15324b7417f182313f71c4af0b9961424a12154b66
  • 3a96f09255af4eb1d3fe3ea6dd4befc71543ef317b1d9f9561255a725eb48a62
  • fa68aa01fad37dd7e7d6222ef833ec4e63317c0821a45834dfe284fdafb9069a
  • bac8489de573f614d988097e9eae53ffc2eb4e7dcb0e68c349f549a26d2130a8
  • 89f1a82f4919db731cc4a5c5a71fbe1a9a1d362b6da61b018c89ea2cd26c0de3
  • c2c333a5f46eb5894f05f3323ab8aea87b3c2e9ba0221c28dcf46b0842592ac6
  • 6f0b9fdc7edf43a9d1262263320e623a7e2b349f54185491262fe5184413222f
  • 6684c2348d205962d41977b2db6263733809b635cdc039447373c34e04d6bc20
  • ed2aa3272db6eebedcabbb3c61cb699e6ec5d91b4297b8a6186a03f5b4999a80
  • 18c6224decd141a6412f3d2aa71dbd086e9a71bd51b3baed1cb2b2715d676872
  • d77901484e91445d8d11b82ff487b9e56b48930fe3086e5858ea754e9f490c1f
  • d912445a5e8beda7e842756fd6e598d91ef0526c913a6f1e6135957f19fa64ca
  • fa71584f27f5eacca9f3d5644fd06ccebcc14b8394efeaccd38259f8382c26e5
  • 586fc08567a69f4abbafd05c98be469dfaaa9b93eaccc5043dcf22d2b666bf63
  • fbd66a4f385e8c573c51c19a49c7e9c2ffa1639f4648721591b7ea0af845a313
  • e26a76def39740596843a57c3edcfe9f5000af5f5b538215a5799db58f41fe33
  • fcfd34f99b0a5f4bb91c0d6eaa9b2fdcc3bf9b3dd594213a389a056828a537c1
  • f694f02ee26d544ad41f543ecd166bd71d02b3723b8a5ee515a9c2944a667971
  • 12e670dc36ac50e86a58f759fa4a5de25e574227a19e1942aaa788c82540a910
  • e8e2f7538530b6ea3f4726b13bf76c4e0696cdaf1a0547294b447c21df1c594d
  • 4ee465d58613c03c15c0e92728bba76a065149d4773a1ce59c76d414d70fb190
  • 4235f33576b503faacbafb1b612f5fdf91fb406e73964f61064f232bd2b9c21c
  • d8d0c3854c54e2bacb40ead54d94268dda6ea6aef1ac1f78b8d10b990a4441a2
  • 39cf2459a85f9b8bcc81233964e05dec3f5ec9e8de74329f995c6a0cc8a8db36
  • dd812ba2bc5f441d8a9594443040f8fea7e3f91bdf1dd1968bbbbc7747e0bc68
  • e4c55a5b1c07d93b2ae956f7404279c1a68344e7d27e6a3aa917c79c17f7fa05
  • 2ee74ceaa5964cf223aefb3cf4e0c25ea96c7d4bc0eba48439716e763d2f3837
  • 65041a83c88ba90e489de8ac275688815c51b93ae568c627b74fc160d2db6bab
  • 7ae0aa490bad2fa152cd097caaaebfcef7a393a74e886a02b22109b38a4d9fc4
  • e843af007ac3f58e26d5427e537cdbddf33d118c79dfed831eee1ffcce474569
  • 1af0958f8590b626bedfcd1972cd3ea49d9576db86f1e768e5520f9615d01a19
  • cac5c0da0b4495a1dee326e4259fb8bcdecb162a780d0d215ad33e751ebbff34
  • c94e52455826c63a8800e6a66d72db467e1266f3b06aabbaad14c0d7463ee266
  • bb4628f0b29d906f1ec4c41a5fe5f7fe1b53432b765d5ef0a560e8d2ef5e5541
  • 6d4af9f7e14e1ae7f871cd0bcdd87927cde8d236fd9d37e76554729abe3e31e4
  • 6424307ea25f1889e4b9fb8a64d860e42681cddf71a5a70af7963ab282225c8d
  • dbf3e5bb9b7b5806d831617fbeed088d56fc2f5794a833d24eff96c165ba417b
  • 64a448ee194fe58c8c212faa4fbe737f8088ef387cc4551a0f1d86e9d4bdab02
  • 9ce65cced9949cef6b69f86542533e653b91ce7d43cb6b51e8ae402b6dadf651
  • 61f8dc6d618572a86bd0b646d16186bb6b0fff970947a7df754add4f65ec8625
  • 91e20fb663b1809279666fb1e7ef7bd8da42ae51e0c05b51515ba851e2a991ac
  • d40a3503a960663187a83f560e94563cd11606a610a4b176b0ac065af037f175
  • 7c195b85528b3ed75672fbcea0d32a2f45d541cf8c71e855b03d6266a8facdc0

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download files from random sources.
  • Keep all software and browsers updated to the latest patched versions.
  • Only download software from authentic and official sources.
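The "block the threat indicators" step above, and the C2 domains named in the analysis summary, are only useful once the defanged values are turned back into the form that logs and hash tools actually produce. The script below is an added example, not Rewterz's tooling and not code from the advisory: it refangs a subset of the advisory's domain and SHA-256 indicators, matches DNS query names against them (including subdomains of an IoC domain), and hashes files for comparison against the SHA-256 list. The DNS log format, the hostnames in it and the file paths are constructed assumptions; the indicator values themselves are taken from the lists above.

```python
"""Match defanged IoCs from the advisory against host telemetry.

Added example, not Rewterz's tooling. The domain and hash values below are
taken from the advisory; the DNS log lines and file paths are constructed.
"""
import hashlib
import re
from pathlib import Path

# Subset of the advisory's domain IoCs, exactly as published (defanged with [.]).
DEFANGED_DOMAINS = [
    "state-awe3-apt[.]com",
    "hostoperationsystems[.]com",
    "cdn2-system3-secrv[.]com",
    "ms6-upload-serv3[.]com",
]

# Subset of the advisory's SHA-256 IoCs.
SHA256_IOCS = {
    "84942df440c892c1e63aff41d9fe4694ea4b8a9102c62faf07c4510671abef13",
    "c59544a76fd425b76d7d9b4805d817c8a91a6a63c9862200c927e27efcd20bfa",
}


def refang(indicator):
    """Turn a defanged indicator ('a[.]b', 'hxxp://') back into its real form,
    lower-cased and without a trailing dot, so it compares equal to log values."""
    s = indicator.strip().lower()
    for bracketed in ("[.]", "(.)", "{.}"):
        s = s.replace(bracketed, ".")
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s)
    return s.rstrip(".")


BLOCKED_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}


def domain_matches(qname):
    """True if qname is an IoC domain or a subdomain of one
    (e.g. update.cdn2-system3-secrv.com still counts)."""
    q = refang(qname)
    return any(q == d or q.endswith("." + d) for d in BLOCKED_DOMAINS)


# Constructed sample DNS log (not from the advisory): "<ts> <host> <qname> <qtype>".
SAMPLE_DNS_LOG = """\
2020-07-01T09:14:02Z ws-017 www.mozilla.org A
2020-07-01T09:14:05Z ws-017 HostOperationSystems.com A
2020-07-01T09:16:44Z ws-023 update.cdn2-system3-secrv.com A
2020-07-01T09:17:10Z ws-023 example.org AAAA
"""


def scan_dns_log(text):
    """Return (host, queried_name) pairs whose query hits an IoC domain."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines instead of crashing on them
        _ts, host, qname, _qtype = parts[:4]
        if domain_matches(qname):
            hits.append((host, qname))
    return hits


def sha256_matches(digest, iocs=SHA256_IOCS):
    """True if a SHA-256 hex digest (any case) is in the IoC set."""
    return digest.strip().lower() in iocs


def sha256_of(path):
    """Stream-hash a file so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_files(paths, iocs=SHA256_IOCS):
    """Return the paths whose SHA-256 is in the IoC set; missing paths are skipped."""
    return [p for p in map(Path, paths) if p.is_file() and sha256_matches(sha256_of(p), iocs)]


if __name__ == "__main__":
    for host, qname in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"ALERT {host}: DNS query for IoC domain {qname}")
    # Constructed path; on a real host point this at downloaded installers.
    for p in scan_files(["./downloads/firefox-setup.exe"]):
        print(f"ALERT file hash matches IoC: {p}")
```

Matching on subdomains matters because the advisory lists registrable domains while DNS logs record the full query name; matching only on exact equality would miss the second sample line. Case-folding both sides covers the first one.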
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.