Rewterz Threat Alert – Spear-Phishing Email Spoofs Microsoft Domain
December 9, 2020
Severity
Medium
Analysis Summary
A spear-phishing campaign has been observed targeting the finance and banking industry with malicious emails. The emails carry malicious attachments that drop malware. The targeted victims are located in Turkey. It is not yet known which kind of malware is being distributed through this campaign.
Impact
Unknown
Indicators of Compromise
Domain Name
- sdvsrgter[.]gb[.]net
- u17316837[.]ct[.]sendgrid[.]net
From Email
- noreply@mymeet[.]dev
MD5
- 6cb91d0aa0db44cd6c93e1040b875d08
- d891e51a320673d1548d288e167535ad
- 3a30cbde3826f7b3bdc0dba708a179f3
SHA-256
- c897509e8388323345c00d0bd3b7636d84a01ef06393c11878b59c09a46878d9
- 06ecb0f3f8abf2554590466757f77407869705239e5f9f710b42d5293ef91eff
- cff2dc33c1772f6500e0e4e1090667c43f4677b1794180d13628e2ed7d898b89
SHA1
- 95f2ec8d59506bc811a0aec8f67510be81e24e94
- 24c75d1e7f92baf7b63bf64b6c67773e0dffac93
- 803bf4454719d649485e7cfbe83d26af88318ba8
Source IP
- 103[.]153[.]182[.]50
- 104[.]16[.]19[.]94
- 209[.]197[.]3[.]24
URL
- https[:]//sdvsrgter[.]gb[.]net
- https[:]//sdvsrgter[.]gb[.]net/auth/index2[.]php
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached to untrusted emails.
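One way to act on the first remediation step, as an added example that is not part of the Rewterz advisory: the script below refangs the defanged indicators listed above and checks them against mail-gateway, proxy, firewall and antivirus log lines. The log lines and their key=value format are constructed for the example and are an assumption, not output of any real product.

```python
import re

# Indicators copied from the advisory, kept in their defanged form.
DEFANGED_IOCS = {
    "domain": ["sdvsrgter[.]gb[.]net", "u17316837[.]ct[.]sendgrid[.]net"],
    "sender": ["noreply@mymeet[.]dev"],
    "ip": ["103[.]153[.]182[.]50", "104[.]16[.]19[.]94", "209[.]197[.]3[.]24"],
    "url": ["https[:]//sdvsrgter[.]gb[.]net",
            "https[:]//sdvsrgter[.]gb[.]net/auth/index2[.]php"],
    "sha256": ["c897509e8388323345c00d0bd3b7636d84a01ef06393c11878b59c09a46878d9"],
}

def refang(value: str) -> str:
    """Turn a defanged indicator ('[.]', '[:]', 'hxxp') back into its live form."""
    return value.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http").lower()

def build_index(defanged: dict) -> dict:
    """Map each indicator type to a set of refanged values for O(1) lookups."""
    return {kind: {refang(v) for v in values} for kind, values in defanged.items()}

# Constructed sample log lines (not from the advisory); "key=value" layout is assumed.
SAMPLE_LOGS = [
    "2020-12-09T08:12:01Z mailgw from=noreply@mymeet.dev to=cfo@bank.example subject=Invoice",
    "2020-12-09T08:12:05Z proxy client=10.0.0.12 url=https://sdvsrgter.gb.net/auth/index2.php status=200",
    "2020-12-09T08:13:10Z proxy client=10.0.0.13 url=https://example.org/ status=200",
    "2020-12-09T08:14:00Z fw src=10.0.0.12 dst=103.153.182.50 dport=443 action=allow",
    "2020-12-09T08:15:00Z av path=/tmp/inv.exe sha256=c897509e8388323345c00d0bd3b7636d84a01ef06393c11878b59c09a46878d9",
]

TOKEN = re.compile(r"(\w+)=(\S+)")

def match_line(line: str, index: dict) -> list:
    """Return (kind, indicator) pairs found in one log line."""
    hits = []
    for key, raw in TOKEN.findall(line):
        val = raw.lower()
        for kind, values in index.items():
            if val in values:
                hits.append((kind, val))
            elif kind == "domain" and key == "url":
                # A URL whose host is a listed domain is still a domain hit.
                host = re.sub(r"^https?://", "", val).split("/")[0]
                if host in values:
                    hits.append((kind, host))
    return hits

def scan(lines, index=None) -> dict:
    """Return {line_number: hits} for every line that matched at least one indicator."""
    index = index or build_index(DEFANGED_IOCS)
    results = {}
    for i, line in enumerate(lines):
        hits = match_line(line, index)
        if hits:
            results[i] = hits
    return results

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOGS).items():
        print(n, hits)
```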