Rewterz Threat Alert – Fuel Dispenser Merchants Targeted by Cyber Criminals (December 19, 2019)
Rewterz Threat Advisory – CVE-2019-18234 – ICS: Equinox Control Expert Code Execution Vulnerability (December 20, 2019)
Severity
High
Analysis Summary
Rancor is a Chinese cyber espionage group that targets organizations in Southeast Asia. In its most recent investigation involving Rancor, Palo Alto Networks found a previously undocumented custom malware family in use alongside the group's existing toolset. The attacks used several first-stage malware families, including the new one, in an attempt to install either Derusbi or KHRat as a second-stage payload.
Impact
System access
Indicators of Compromise
Domain Name
- cswksfwq[.]kfesv[.]xyz
- connect[.]bafunpda[.]xyz
IP
199[.]247[.]6[.]253
SHA-256
- 0eb1d6541688b5c87f620e76219ec5db8a6f05732e028a9ec36195d7b4f5e707
- aaebf987b8d80d71313c3c0f2c16d60874ffecbdda3bb6b44d6cba6d38031609
- 0d61d9baab9927bb484f3e60384fdb6a3709ca74bc6175ab16b220a68f2b349e
- db982b256843d8b6429af24f766636bb0bf781b471922902d8dcf08d0c58511e
- cc081ffea6f4769733af9d0bae0308ca0ae63667fa225e7965df0884e96e2d2a
- bc1c3e754be9f2175b718aba62174a550cdc3d98ab9c36671a58073140381659
- 83d1d181a6d583bca2f03c3c4e517757a766da5f4c1299fbbe514b3e2abd9e0d
Remediation
- Block the indicators listed above at your respective controls: the domains and IP address at DNS, proxy and perimeter firewalls, and the SHA-256 hashes in endpoint protection and EDR blocklists.
- Search DNS, proxy and firewall logs for historical connections to the listed domains and IP address, and scan endpoints for files matching the listed hashes, since a block only stops future activity.
- Treat emails from unknown senders with suspicion.
- Never open links or attachments sent by unknown senders.
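The following Python script is an added example and is not part of the Rewterz advisory or of the Palo Alto Networks research it summarizes. It takes the indicators exactly as published above (defanged with `[.]`), refangs them, and then does the two things the remediation section asks for: it sweeps free-form DNS/proxy/firewall log lines for the domains and IP address, and it hashes files under a directory and compares them to the SHA-256 list. The log lines in `SAMPLE_LOG` are constructed for the example; the directory scan runs only when a path is passed on the command line.

```python
import hashlib
import re
import sys
from pathlib import Path

# Indicators as published in the advisory, defanged with [.]
DOMAINS = ["cswksfwq[.]kfesv[.]xyz", "connect[.]bafunpda[.]xyz"]
IPS = ["199[.]247[.]6[.]253"]
HASHES = [
    "0eb1d6541688b5c87f620e76219ec5db8a6f05732e028a9ec36195d7b4f5e707",
    "aaebf987b8d80d71313c3c0f2c16d60874ffecbdda3bb6b44d6cba6d38031609",
    "0d61d9baab9927bb484f3e60384fdb6a3709ca74bc6175ab16b220a68f2b349e",
    "db982b256843d8b6429af24f766636bb0bf781b471922902d8dcf08d0c58511e",
    "cc081ffea6f4769733af9d0bae0308ca0ae63667fa225e7965df0884e96e2d2a",
    "bc1c3e754be9f2175b718aba62174a550cdc3d98ab9c36671a58073140381659",
    "83d1d181a6d583bca2f03c3c4e517757a766da5f4c1299fbbe514b3e2abd9e0d",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator ('a[.]b') back into a matchable value."""
    return ioc.replace("[.]", ".").strip().lower()


BAD_DOMAINS = {refang(d) for d in DOMAINS}
BAD_IPS = {refang(i) for i in IPS}
BAD_HASHES = {h.strip().lower() for h in HASHES}

# Hostname and dotted-quad IPv4 patterns; the hostname pattern requires an
# alphabetic TLD so it never swallows an IP address.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def domain_matches(host: str) -> bool:
    """True for the listed host or any child of it; sibling subdomains of the
    parent zone (e.g. www.kfesv.xyz) are NOT matched, because only the listed
    FQDNs are known bad."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)


def hash_matches(digest: str) -> bool:
    return digest.strip().lower() in BAD_HASHES


def scan_log_lines(lines):
    """Return [(line_no, indicator)] for every listed domain or IP found in
    free-form log text (DNS query logs, proxy logs, firewall logs)."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            if domain_matches(host):
                hits.append((n, host.lower()))
        for ip in IP_RE.findall(line):
            if ip in BAD_IPS:
                hits.append((n, ip))
    return hits


def sha256_file(path, chunk=1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_files(root):
    """Return [(path, sha256)] for every file under root whose digest is listed."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            digest = sha256_file(p)
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if hash_matches(digest):
            hits.append((str(p), digest))
    return hits


# Constructed sample log lines (not real telemetry) mixing DNS and firewall formats.
SAMPLE_LOG = [
    "2019-12-19T10:02:11Z client=10.1.4.22 query=cswksfwq.kfesv.xyz type=A",
    "2019-12-19T10:02:12Z client=10.1.4.22 query=www.example.com type=A",
    "2019-12-19T10:03:40Z src=10.1.4.31 dst=199.247.6.253:443 proto=tcp action=allow",
    "2019-12-19T10:04:00Z client=10.1.4.31 query=update.bafunpda.xyz type=A",
]

if __name__ == "__main__":
    for line_no, ioc in scan_log_lines(SAMPLE_LOG):
        print(f"log line {line_no}: matched {ioc}")
    if len(sys.argv) > 1:
        for path, digest in scan_files(sys.argv[1]):
            print(f"file {path}: matched {digest}")
```

Line 4 of the sample is deliberately a sibling subdomain (`update.bafunpda.xyz`) of a listed host; it does not match, because the advisory lists `connect.bafunpda.xyz` specifically and the parent zone is not itself an indicator. Widen `domain_matches` to the parent zone only if you have your own evidence that the whole zone is attacker-controlled.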