Rewterz penetration testing services help organizations determine whether a cyber attacker can gain access to their critical assets, while giving them detailed insight into the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
Medium
Analysis Summary
Since the morning of July 25, ahead of the summer vacation season, threat actor TA505 has been impersonating airlines with e-mails disguised as domestic e-ticket certificates.
The e-mail presents itself as a ‘** Airline e-Ticket Certificate.’ and its body, written in sophisticated Korean, encourages the recipient to open the attached file.
The attachment is a compressed file named ‘e-ticket (random number).iso’. When decompressed, it yields a screen saver file disguised with the icon and extension of a PDF document, ‘e-ticket certificate _66016630.pdf.scr’, or ‘L207123.lnk’.
The ‘e-ticket voucher _66016630.pdf.scr’ file is .NET-based malicious code. The C2 server is used to download an additional payload.
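A mail-gateway style check for the delivery chain described above, as an added example that is not part of the original advisory: it lists the root directory of an ISO9660/Joliet image and flags shortcut files and executables that carry a document double extension. The extension lists and function names are assumptions of this example.

```python
import struct

SECTOR = 2048
# Assumed extension lists for this example; adjust to local policy.
EXEC_EXT = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs"}
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "hwp", "jpg", "txt"}

def list_iso_root(img):
    """File names in an ISO9660 root directory, preferring the Joliet
    tree because it keeps long names with several dots."""
    chosen = None
    off = 16 * SECTOR  # volume descriptors start at sector 16
    while img[off + 1:off + 6] == b"CD001" and img[off] != 255:
        # Root directory record sits at byte 156: extent LBA, then length.
        lba, size = struct.unpack_from("<I4xI", img, off + 158)
        joliet = img[off] == 2 and img[off + 88:off + 90] == b"%/"
        if joliet or (img[off] == 1 and chosen is None):
            chosen = (lba, size, "utf-16-be" if joliet else "ascii")
        off += SECTOR
    if chosen is None:
        return []
    lba, size, enc = chosen
    data, pos, names = img[lba * SECTOR:lba * SECTOR + size], 0, []
    while pos + 33 < len(data):
        if data[pos] == 0:  # zero padding up to the next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        raw = data[pos + 33:pos + 33 + data[pos + 32]]
        if not data[pos + 25] & 0x02:  # skip directories, ".", ".."
            names.append(raw.decode(enc, "replace").split(";")[0])
        pos += data[pos]
    return names

def flag_name(name):
    """Reason string if the name fits the lure pattern, else None."""
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2:
        return None
    if parts[-1] == "lnk":
        return "shortcut file"
    if parts[-1] in EXEC_EXT:
        if len(parts) > 2 and parts[-2] in DOC_EXT:
            return "executable with document double extension"
        return "executable"
    return None

def triage_iso(img):
    """Map each flagged root-directory file name to its reason."""
    return {n: r for n in list_iso_root(img) if (r := flag_name(n))}
```

Only the root directory of ISO9660/Joliet images is read; UDF-only images and nested folders are outside what this check covers.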
Impact
Indicators of Compromise
Malware Hash (MD5/SHA1/SHA256)
Remediation