• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Latest LokiBot Malware – IOCs
July 8, 2020
Rewterz Threat Alert – Latest Agent Tesla Infection Chain
July 8, 2020

Rewterz Threat Alert – TA505 APT Group – Latest IOCs

July 8, 2020

Severity

High

Analysis Summary

TA505 is a prolific cybercriminal group known for its attacks against multiple financial institutions and retail companies using malicious spam campaigns and different malware. In the group’s latest campaign, they deploy the Get2 Downloader via malicious HTML redirectors which leads to the malware. This also allow threat actors to to gain access to the compromised network, providing opportunities to steal financial data or install ransomware. This is an active campaign expected to target financial institutions around the world.

Impact

  • Data exfiltration
  • Exposure of sensitive data

Indicators of Compromise

Filename

  • harvest_expense_report_download[.]html
  • harvest_expense_report[.]xls
  • libIntel1[.]dll

From Email

  • Sherry[.]Levine@delikomat[.]pl
  • Carol[.]Croft@valtecnic[.]com
  • ashley@primesigns[.]com[.]au
  • lfh@huohyow[.]com[.]cn
  • matias[.]montejano@valtecnic[.]com
  • anita[.]munoz@redsalud[.]gob[.]cl
  • ratchanee@ralclegal[.]com
  • helen_hong@qz[.]tasia[.]com[.]cn
  • feli@rewe-taetzner[.]de

IP

  • 91[.]217[.]242[.]14
  • 213[.]229[.]130[.]91
  • 23[.]83[.]212[.]26
  • 218[.]104[.]163[.]90
  • 186[.]67[.]179[.]186
  • 203[.]156[.]164[.]146
  • 211[.]21[.]70[.]202
  • 62[.]75[.]145[.]239

MD5

  • add0167db22df546afc750d30382ae1b
  • 3d901db4c7bf978da9ed00b2320a7442
  • 4e828046de52bd609278c51ada23a2e8
  • e2719622f7332eca638163963e85a81d
  • 022772a1cf9010bf08ee690e1af11cf4
  • 87e178a5806fc951a57722eb74f7ab06
  • 467c027bb811e3a12896c76f7e50231a
  • 832e4cbb9b7c4be753d1625a034e8e9f
  • 2b66da476d28e736126f5e0dc43085f4
  • e5c7cef7203770247b54dd59edc1d6e8
  • 597701ea4a28a882e0be2836a63dce38
  • 492978aefc9c62a074c18f18353b3a7f
  • c23455be795ae5b1747401ec7e35500c
  • 92b77e8d825aca55df04ec26f85550c2
  • 1445eee770b4768140156560cc06356f
  • b3a3eb99a9ac3d4683b8a64d06ab28d2

SHA-256

  • 9bdde916ae5c984d5c0b80122c494201037fae31c90d4ded13e619e47c84f412
  • 2eb601d0025201f26375da26a87b251731fbc1c991beb6d085ba7d7537b0f464
  • 6c420e8de223903c6a5dc458f7e11fa17d405ce85dd5cc2d1d45b363c866e98d
  • 5fd9a547fb26b6ce1a8d6c353d9284654b0785eadf9fc8945734e1fd26d8efdf
  • 379ecffcab0c31855e9803c8c4bef5517f18921072eb17dccbe268803359938e
  • 2564b544d2c3ee2a39291e575dcb9ba61cb58647097f8f2bf42a42a09d0b1afd
  • 266b288e3fed3e560c575a99829d5cccfb33d6831ee7d842cc6f5b8fadf2443f
  • 66159933a159971016ec29086bda1a51aaa8e3221830e43b2391fc261427459a
  • 9dd13e02121ff016438f0540d169df51ac44527eabc4116143d6e0b569dc1f99
  • bbb1e775425b5033816f9a289676ee3f4ee6644c724e9ff0152ed0f5012fa146
  • c227a9a4db37fa762ee7064b33cba6289d66d47bdd5c6a6ace5599dfb377f184
  • 461c95f4e03b2f0b4ad50d2d8de568b954b5682f6c241692ffd32e7a16db5acc

SHA1

  • 724de0c255eeb09eb24dbfa63d8b76b856650c80
  • 3a6df0ea98eb15cb3a589631dfe8119627fa36f0
  • b80f012ab0099019852d78ec188b690fa4b82ba0
  • 074152f716803fbc0b0ac6890e8b3f5cc9532210
  • 820ede82a80453d7bb705c1b3a8456ee0186044b
  • b499a92d393c1415463a236e94c5e87fe151cfa6
  • 3c5d07f824c33f1f50e0e0e6268d834666f2e05d
  • eba9a2e8bce2c91e92fcd047be1b89aec9bd2fb5
  • c01e03ddf9405f8d5675c9165603c41ab6ed6e1f
  • 28a3d3f8fc14d841cb04ef78ad957c76a32566ea
  • fd2d86305e385dd53e6c428b88c09532f55af796
  • ed2c5eccb8a8c03960a4b5109c3792016e665e4d

URL

  • hxxps[:]//d1[.]dropboxscdn[.]com/d/dhd6n3h39f7d/index[.]php
  • https[:]//rapid-stores[.]com/nake1

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your existing environment.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.