Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
High
Analysis Summary
A new variant of the Ryuk ransomware has been discovered that adds IP-address and computer-name blacklisting, so that matching computers are not encrypted. The new version is also digitally signed, possibly in an attempt to evade detection prior to installation. The IP ranges and computer names in the malware’s blacklist (i.e. the list of hosts it will not infect) are listed below. The article indicated this blacklist may have been added to prevent infecting Russian systems during worming attacks. If the victim’s system does not fall into one of the blacklisted categories, files are encrypted as usual and a .RYK extension is appended to each file name. RyukReadMe.html is created as the ransom note; it contains the phrase “balance of shadow universe” and an email address to contact for payment instructions.
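As an added example (not code from the advisory or from Rewterz), the following Python routine triages a file snapshot for the two host-level artefacts the summary names: files carrying the .RYK extension and a RyukReadMe.html note containing the quoted phrase. The snapshot paths, the note body and the contact address are constructed sample data, and the e-mail pattern is a generic one assumed for illustration.

```python
import os
import re
from typing import Dict, List

# Artefacts described in the advisory.
RYK_EXT = ".ryk"                      # appended to encrypted files
NOTE_NAME = "ryukreadme.html"         # ransom-note file name
NOTE_PHRASE = "balance of shadow universe"
# Generic e-mail pattern (assumption) used to pull the contact address out of the note.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def triage_snapshot(files: Dict[str, str]) -> Dict[str, object]:
    """Scan a {path: content} snapshot for Ryuk artefacts.

    Returns the number of .RYK files per directory, the ransom notes whose body
    carries the advisory's phrase, and any contact e-mail found in those notes.
    Comparisons are case-insensitive because the extension and note name may
    appear in either case on the wire.
    """
    encrypted_by_dir: Dict[str, int] = {}
    notes: List[str] = []
    contacts: List[str] = []
    for path, content in files.items():
        directory, name = os.path.split(path)
        lower = name.lower()
        if lower.endswith(RYK_EXT):
            encrypted_by_dir[directory] = encrypted_by_dir.get(directory, 0) + 1
        elif lower == NOTE_NAME and NOTE_PHRASE in content.lower():
            notes.append(path)
            for addr in EMAIL_RE.findall(content):
                if addr not in contacts:
                    contacts.append(addr)
    return {
        "encrypted_by_dir": encrypted_by_dir,
        "ransom_notes": notes,
        "contact_emails": contacts,
        # Both artefacts together give a high-confidence hit; either alone is only a lead.
        "confirmed": bool(notes) and bool(encrypted_by_dir),
    }


# Constructed sample snapshot (not real data): two affected shares, one clean one.
SAMPLE_FILES = {
    "/srv/share/finance/budget.xlsx.RYK": "<ciphertext>",
    "/srv/share/finance/forecast.docx.ryk": "<ciphertext>",
    "/srv/share/finance/RyukReadMe.html":
        "<html>balance of shadow universe. Contact payment-contact@example.invalid</html>",
    "/srv/share/hr/payroll.csv.RYK": "<ciphertext>",
    "/srv/share/hr/README.html": "<html>internal notes</html>",
    "/srv/share/public/index.html": "<html>welcome</html>",
}

if __name__ == "__main__":
    print(triage_snapshot(SAMPLE_FILES))
```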
Impact
Indicators of Compromise
IP(s) / Hostname(s)
Email Address
Malware Hash (MD5/SHA1/SHA256)
Remediation