Rewterz Threat Alert – Shade Ransomware Hits High-Tech, Wholesale & Education Sectors in Multiple Countries
May 24, 2019
Severity
Medium
Analysis Summary
Shade ransomware, also known as Troldesh, has been targeting hosts running Microsoft Windows since 2014. Distributed through Russian-language and English-language malspam campaigns as well as exploit kits, Shade ransomware encrypts files on the victim's computer and appends the extension .crypted000007 to the name of each encrypted file.
When a Windows host is infected with Shade ransomware, its desktop background announces the infection, and ten text files appear on the desktop named README1.txt through README10.txt as shown in Figure 1.
These readme text files are the ransom notes as shown below:
Malspam-based infections for Shade ransomware involve a JavaScript (.js) or other type of script-based file disguised as an invoice or bill. In some cases, Shade malspam carries links to these script-based files. In other cases, the files are attached directly to the emails inside a zip file or other type of archive.
Shade ransomware's favourite victims fall under the high-tech category in many countries, including the U.S., Japan, India, Thailand and Canada.
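As an added defender-side example (not code from the Rewterz alert), the following Python checks a host for the two artefacts described above, the .crypted000007 extension and the README1.txt to README10.txt ransom-note set, and flags script files inside zip attachments of the kind the malspam campaign uses. The .jse/.vbs/.wsf extensions and all sample file names are assumptions constructed for the example.

```python
import io
import os
import re
import tempfile
import zipfile

# Extension Shade/Troldesh appends to encrypted files and the ransom-note
# file names it drops on the desktop (both from the alert text).
SHADE_EXT = ".crypted000007"
NOTE_RE = re.compile(r"^README(10|[1-9])\.txt$", re.IGNORECASE)
# ".js" is named in the alert; the other extensions are assumed examples of
# the "other script-based file" types it mentions.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf"}

def shade_host_indicators(root):
    """Walk a filesystem tree and summarise Shade infection artefacts."""
    encrypted, notes = 0, set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SHADE_EXT):
                encrypted += 1
            elif NOTE_RE.match(name):
                notes.add(name.lower())
    return {
        "encrypted_files": encrypted,
        "ransom_notes": len(notes),
        "full_note_set": len(notes) == 10,  # README1.txt .. README10.txt
        "infected": encrypted > 0 or len(notes) == 10,
    }

def suspicious_archive_members(data):
    """Return script-type members inside a zip attachment given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [m for m in zf.namelist()
                if os.path.splitext(m)[1].lower() in SCRIPT_EXTS]

def build_sample_host(infected=True):
    """Constructed sample tree: ten desktop notes plus two encrypted files."""
    root = tempfile.mkdtemp()
    desktop = os.path.join(root, "Desktop")
    os.makedirs(desktop)
    if infected:
        for i in range(1, 11):
            open(os.path.join(desktop, f"README{i}.txt"), "w").close()
        for doc in ("report.docx", "budget.xlsx"):
            open(os.path.join(root, doc + SHADE_EXT), "w").close()
    return root

def build_sample_attachment():
    """Constructed sample: zip 'invoice' with a .js member and a decoy PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2019.js", "// constructed placeholder, not malware\n")
        zf.writestr("invoice.pdf", "%PDF-1.4 placeholder")
    return buf.getvalue()
```

Point shade_host_indicators at a user profile or a mounted disk image during triage; the archive check is meant for a mail-gateway or sandbox pre-filter.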
Impact
- Files Encryption
- Loss of Information
- Financial Loss
Indicators of Compromise
URLs
Malware Hash (MD5/SHA1/SHA256)
Remediation
- Block the threat indicators at their respective controls.
- Do not download email attachments coming from untrusted sources.
- Do not click on URLs received in untrusted emails.
- Scan all files prior to execution.
- Closely monitor invoice/bill-themed emails; they are also frequently reported in phishing alerts.