logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – RevengeRAT Being Distributed via Malspam Campaigns

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 17, 2023
    March 17, 2023
    Rewterz Threat Alert – Chaos Ransomware – Active IOCs
    Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Advisory – Multiple Adobe ColdFusion Vulnerabilities
    Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Alert – Ursnif Banking Trojan aka Gozi – Active IOCs
    Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – RevengeRAT Being Distributed via Malspam Campaigns

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 17, 2023
    March 17, 2023
    Rewterz Threat Alert – Chaos Ransomware – Active IOCs
    Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Advisory – Multiple Adobe ColdFusion Vulnerabilities
    Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Alert – Ursnif Banking Trojan aka Gozi – Active IOCs
    Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Advisory – Update fixes IE 0-day RCE vulnerability and 74 other flaws in Microsoft Products
November 13, 2019
Rewterz
Rewterz Threat Advisory – CVE-2019-11135 – Intel CPUs Vulnerable to Variant 2 of #ZombieLoad Attack
November 14, 2019

Rewterz Threat Alert – RevengeRAT Being Distributed via Malspam Campaigns

November 13, 2019

Severity

High

Analysis Summary

A multi-stage vbs downloader is found being delivered to targets via malspam campaigns which was used to distribute RevengeRAT and WSHRAT. This infection starts from an MHT file contained in a zip document sent over email, which communicates back to the following open directory server: http://newdocreviewonline.3utilities[.]com/

Contained on this server are two files, Review.php, which downloads Microsoft.hta. This file is a JavaScript file full of URL encoded characters:

Decoding the characters shows an html file with some VBScript code inside of it that essentially creates a new script called A6p.vbs (stored in AppData/Local) which it then uses to pull down and execute the stage2, a new script called Microsoft.vbs. This stage2 is downloaded from:

https://scisolinc[.]com/wp-includes/Text/microsoft.vbs and is heavily obfuscated.

The RevengeRAT is known for targeting government entities, financial services organizations, information technology service providers and consultancies.

Impact

  • Unauthorized Remote Access
  • Credential Theft
  • Data Manipulation
  • Financial loss

Indicators of Compromise

Domain Name

newdocreviewonline.3utilities[.]com

MD5

  • e3edfe91e99ba731e58fc2ad33f2fd11
  • b7927fd753061058bc67178c3bddf110
  • 2433eaa83c9cdf9d1fbd33490f17067a
  • d6a5cc000867f5778c3f761ea5a35d63
  • d85f8899ff755d4e46ee47305937ec57

SHA256

  • 9ada62e4b06f7e3a61d819b8a74f29f589b645a7a32fd6c4e3f4404672b20f24
  • d86081a0795a893ef8dc251954ec88b10033166f09c1e65fc1f5368b2fd6f809
  • c229c614c9bd2b347fd24ad12e3c157c686eb86bc0a02df1c7080cf40b659e10
  • ced8be6a20b38f5f4d5af0f031bd69863a60be53b9d6434deea943bf668ac8d8
  • 68dc6680befd948e2476fba139a53b7cce5471efe3aa3cadcb2feed714073091

SHA1

  • 2108e82d020ef7a0bcb61df031b96cad2232e892
  • cc34ab40bb24dd840395a68273c427fc9b50d264
  • 7fc512ac0768b3e6b224453f6c4578218857b3c1
  • d6040c2fc8b6006acfa1612ecaa36bb7740bc28e
  • 1f503a1551d2598c5e65e95297454e19e9ccbfbb

Source IP

  • 193.56.28[.]134
  • 185.84.181[.]102

URL

  • hxxp[:]//newdocreviewonline[.]3utilities[.]com/
  • hxxp[:]//newdocreviewonline.3utilities[.]com/2/
  • hxxp[:]//newdocreviewonline.3utilities[.]com/1/
  • hxxp[:]//newdocreviewonline.3utilities[.]com/microsoft[.]hta
  • hxxps[:]//scisolinc[.]com/wp-includes/Text/microsoft[.]vbs
  • hxxp[:]//britianica.uk[.]com:4132
  • hxxp[:]//185.84.181[.]102[:]5478

Remediation

  • Block the threat indicators at their respective controls.
  • Do not respond to emails coming from untrusted sources.
  • Do not download files/visit links attached in untrusted emails.

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo