September 18, 2023

Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs

Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]

September 18, 2023

Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]

September 18, 2023

Rewterz Threat Update – Microsoft Teams Used for Stealing Accounts by Ransomware Access Broker

Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]

September 18, 2023

Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs

Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]

September 18, 2023

Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

September 18, 2023

Rewterz Threat Update – Microsoft Teams Used for Stealing Accounts by Ransomware Access Broker

Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]

Rewterz Threat Alert – Mac Trojan Shlayer Distributed via Google Searches

June 19, 2020

Rewterz Threat Alert – Cobalt’s Updated Tactics and Tools

June 19, 2020

Rewterz Threat Alert – Raddex Malware Targeting Arabic-speakers, Linked to Golden RAT

June 19, 2020

Severity

Medium

Analysis Summary

Security researchers have uncovered a new sample of Android malware called Raddex targeting Arabic-speakers that is reportedly linked to GoldenRat (also known as APT27 or APT-C-37). The threat actor aims to get a superuser access to the device. The Raddex malware is also categorized a s a spyware that collects sensitive information from the device and sends it to a C2 server.

Impact

Device takeover
Exposure of sensitive information

Indicators of Compromise

Hostname

295[.]yao[.]cl

MD5

4ae13489e22c79cc794d59ff74cb1aee
b91491c2525b4a578a88b7a13df679aa
389c20a9a4a4aada461535ad22e0dc2a
006ead0cabf1312dbce67ed42d524bfc
1f9e92fdc5bdb2467dd2e1015304bed5
006ead0cabf1312dbce67ed42d524bfc

SHA-256

4ddc1325ac72ceaca843b017b7b68ef54b9c63757fb72c38738b076353e0ee25
29c5c3c15c5cb2a8f9e87d6732bc138d9ef570de745d6193cb7acf684368aef5
434ccfbc3780a3c76fb5cc02a1a681a3388ca9760de7b7ac17c0f3ccb55b24a5
f416b7c6e390aab28f9f19839ece94c748cf0957eb94eb0dfd9b12ce6e301cde
d4b69105a02386a4c1f11d9b14f75f9a115bcfe54548cffcc271cb3f7630fc78
f416b7c6e390aab28f9f19839ece94c748cf0957eb94eb0dfd9b12ce6e301cde

SHA1

33974523679d0eef019e764cf72966a2656080e1
eb9462fd6d1db3a9c552e64657f618a01dc1c094
0d0668f0da2d24fed3a58eba486983637e7ca7a7
6e74b2e814977bb04071ac6e9def70c37bcd55cc
bc682a8bc6ea8550a9c6286a7011ed8a87396723

Source IP

94[.]177[.]251[.]146
205[.]251[.]145[.]29

Remediation

Block the threat indicators at respective controls.
Be very careful while granting permissions to any apps.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs

Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

Rewterz Threat Update – Microsoft Teams Used for Stealing Accounts by Ransomware Access Broker

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs

Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities

Rewterz Threat Update – Microsoft Teams Used for Stealing Accounts by Ransomware Access Broker

Threat Insights

About Us

Our Leadership

CSR

Connect with Us