
Rewterz Threat Alert – QNodeService RAT Distributed in COVID19 Campaign, Spoofs Reuters News Network

October 8, 2020

Severity

High

Analysis Summary

Phishing emails impersonating “Reuters News Network”, a well-known news organization, are using the COVID-19 infection of Donald Trump as a lure to distribute the QNodeService RAT. The message body is written in both English and Arabic and, as the subject line suggests, claims to carry breaking news from the United States about Trump’s health. The attachment is presented as a video but is in fact a zip archive. The same malware was used in an earlier COVID-19-themed phishing campaign. Opening the attachment downloads a trojan written in Node.js, dubbed “QNodeService”. The malware can download, upload and execute files, steal credentials saved in the Chrome and Firefox browsers, and perform file management, among other capabilities. It targets Windows systems, but its design and certain portions of its code suggest that cross-platform support may be a future goal.

Impact

  • Credential Theft
  • Data Exfiltration
  • Code Execution
  • Unauthorized Remote Access

Indicators of Compromise

Domain Name

piolozxx[.]ddns[.]net

Email Subject

USA President Donald Trump health is very serious!!!! We have the evidence here

From Email

sales@autosellerbulknews[.]life

MD5

  • c4ceec1bf73783dcb2ee150b771e23a4
  • 4589aa06add25d572381c35103b1df8c
  • 7125eea628cb4e5c1fb434438a4078d5

SHA-256

  • bdc561ae53aa52900af298a57b5e2f920f9cdf74bccf674735dbab318499c2d0
  • 5fb3a9eac63a469c8d640cea485939caaebeabe6b56586344941f3329bdea265
  • ccc9d33299c1e6c358f925183ec60168764b34b2f824fba218ba41c89b5efc85

SHA1

  • 20a9f2f207bbb388076383a0ed2c5205ae299433
  • 19a6edd5aa7cd9a1b75543cfade939601dd3a59b
  • 42bdf99bde24425de761a6b4313e89cfc7cb8320

URL

http[:]//piolozxx[.]ddns[.]net/

Remediation

  • Block the listed indicators at their respective controls: the domain and URL at the DNS resolver and web proxy, the sender address and subject line at the mail gateway, and the file hashes at the endpoint protection platform. Search historical DNS, proxy, mail and endpoint logs for the same indicators to find hosts that were already exposed.
  • Do not open attachments from untrusted emails. A supposed video that arrives as a zip archive should be treated as suspicious.
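The indicators above are published in defanged form ([.] and [:]), so they must be refanged before they can be matched against telemetry. The following Python script is an added example, not Rewterz tooling: it refangs the advisory's indicators and hunts for them across three constructed log samples (a DNS resolver log, a mail gateway log and an endpoint hash log). The log lines, hostnames, user paths and the attachment file name are constructed for the demonstration; only the indicator values come from the advisory.

```python
"""Hunt for the QNodeService advisory's indicators in local telemetry.

Added example, not Rewterz tooling. Indicator values are the ones listed
in the advisory; all log lines below are constructed for the demonstration.
"""
import re

# Indicators exactly as published (defanged with [.] and [:]).
DEFANGED_IOCS = {
    "domain": ["piolozxx[.]ddns[.]net"],
    "url": ["http[:]//piolozxx[.]ddns[.]net/"],
    "sender": ["sales@autosellerbulknews[.]life"],
    "subject": ["USA President Donald Trump health is very serious!!!! We have the evidence here"],
    "md5": [
        "c4ceec1bf73783dcb2ee150b771e23a4",
        "4589aa06add25d572381c35103b1df8c",
        "7125eea628cb4e5c1fb434438a4078d5",
    ],
    "sha1": [
        "20a9f2f207bbb388076383a0ed2c5205ae299433",
        "19a6edd5aa7cd9a1b75543cfade939601dd3a59b",
        "42bdf99bde24425de761a6b4313e89cfc7cb8320",
    ],
    "sha256": [
        "bdc561ae53aa52900af298a57b5e2f920f9cdf74bccf674735dbab318499c2d0",
        "5fb3a9eac63a469c8d640cea485939caaebeabe6b56586344941f3329bdea265",
        "ccc9d33299c1e6c358f925183ec60168764b34b2f824fba218ba41c89b5efc85",
    ],
}


def refang(value: str) -> str:
    """Turn a defanged indicator back into its live form for matching."""
    return value.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def refang_all(iocs: dict) -> dict:
    """Refang and lower-case every indicator so comparisons are case-insensitive."""
    return {kind: [refang(v).lower() for v in values] for kind, values in iocs.items()}


# Constructed sample telemetry (not from a real incident). Hostnames, paths and
# the attachment name are invented; the matching values are the advisory's IoCs.
SAMPLE_DNS_LOG = """\
2020-10-08T09:12:44Z client=10.20.4.17 query=piolozxx.ddns.net type=A
2020-10-08T09:12:45Z client=10.20.4.17 query=update.microsoft.com type=A
2020-10-08T09:13:01Z client=10.20.4.22 query=PIOLOZXX.DDNS.NET type=A
"""
SAMPLE_MAIL_LOG = """\
2020-10-08T08:55:10Z from=sales@autosellerbulknews.life to=cfo@example.com subject="USA President Donald Trump health is very serious!!!! We have the evidence here" attachment=BREAKING_NEWS.mp4.zip
2020-10-08T08:57:31Z from=newsletter@example-vendor.com to=cfo@example.com subject="October update" attachment=-
"""
SAMPLE_HASH_LOG = """\
2020-10-08T09:12:40Z host=WS-017 path=C:\\Users\\a.khan\\Downloads\\BREAKING_NEWS.mp4.zip sha256=bdc561ae53aa52900af298a57b5e2f920f9cdf74bccf674735dbab318499c2d0
2020-10-08T09:12:50Z host=WS-017 path=C:\\Users\\a.khan\\AppData\\Local\\Temp\\payload.js md5=7125eea628cb4e5c1fb434438a4078d5
2020-10-08T09:20:00Z host=WS-022 path=C:\\Windows\\System32\\notepad.exe sha1=0000000000000000000000000000000000000000
"""

# key=value hash fields as written by the (constructed) endpoint log format.
HASH_RE = re.compile(r"\b(?P<algo>md5|sha1|sha256)=(?P<hash>[0-9a-fA-F]{32,64})\b", re.I)


def hunt(iocs: dict, dns_log: str, mail_log: str, hash_log: str) -> list:
    """Return (indicator type, matched value, log line) for every IoC hit."""
    live = refang_all(iocs)
    hits = []
    for line in dns_log.splitlines():
        m = re.search(r"query=(\S+)", line)
        if m and m.group(1).lower().rstrip(".") in live["domain"]:
            hits.append(("dns", m.group(1).lower(), line))
    for line in mail_log.splitlines():
        m_from = re.search(r"from=(\S+)", line)
        m_subj = re.search(r'subject="([^"]*)"', line)
        if m_from and m_from.group(1).lower() in live["sender"]:
            hits.append(("mail-sender", m_from.group(1).lower(), line))
        elif m_subj and m_subj.group(1).lower() in live["subject"]:
            # Subject alone still fires if the sender address has been rotated.
            hits.append(("mail-subject", m_subj.group(1), line))
    for line in hash_log.splitlines():
        m = HASH_RE.search(line)
        if m and m.group("hash").lower() in live[m.group("algo").lower()]:
            hits.append((m.group("algo").lower(), m.group("hash").lower(), line))
    return hits


if __name__ == "__main__":
    for kind, value, line in hunt(DEFANGED_IOCS, SAMPLE_DNS_LOG, SAMPLE_MAIL_LOG, SAMPLE_HASH_LOG):
        print(f"[{kind}] {value}\n    {line}")
```

Against the constructed samples the script reports two DNS lookups of the C2 domain (one upper-cased, which is why every comparison is lower-cased), one mail hit on the sender address, and two hash hits on the zip attachment and the dropped script; the unrelated lookup, newsletter and notepad.exe lines produce nothing. Feed it your own exports in place of the sample strings, keeping the key=value fields the regexes expect.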
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.