Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
Medium
Analysis Summary
A spear phishing campaign is distributing a Trojan via an .XLS attachment. It was observed targeting an Italian organization and has been attributed to the threat group TA505. The attribution rests on the use of a command and control server in Germany that the group used in past campaigns. The email attachment contains an embedded malicious macro. Infection begins once the .XLS attachment is opened and ultimately leads to the malware being installed on the victim's system. The Trojan can only be installed if the victim enables macros. The macro source code was reported to be extremely obfuscated and to contain over sixteen hundred lines of code.
Indicators of Compromise
IP(s) / Hostname(s)
URLs
Malware Hash (MD5/SHA1/SHA256)
Remediation