Rewterz Threat Advisory – PHPGurukul Complaint Management System
April 27, 2020
Rewterz Threat Advisory – CVE-2020-5867 – F5 NGINX Controller
April 27, 2020
Severity
Medium
Analysis Summary
The threat group TA505, which is behind the Locky ransomware and the Dridex banking Trojan, has resurfaced with a phishing campaign that uses malicious COVID-19 attachments to lure users into clicking malicious links that supposedly inform them of updates on the coronavirus pandemic. The campaign has emerged at a crucial time, when people around the world are watching for a possible vaccine or any other treatment. Once delivered, attackers can then download additional types of malware, including banking Trojans and ransomware. TA505 is known as one of the most significant financially motivated threat actors due to the extraordinary volumes of messages they send.
Impact
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
Email Subject
COVID-19 Everything you need to know
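One way to check stored messages against the subject indicator above, as an added example that is not part of the original advisory. The sample messages and the names `normalize` and `subject_matches_ioc` are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string, policy

# Subject indicator taken from the advisory's "Indicators of Compromise" section.
IOC_SUBJECT = "COVID-19 Everything you need to know"

def normalize(subject):
    """Fold Unicode variants, dashes, whitespace and case so small variations still match."""
    text = unicodedata.normalize("NFKC", subject or "")
    text = re.sub(r"[\u2010-\u2015\u2212]", "-", text)  # Unicode dashes -> ASCII hyphen
    return re.sub(r"\s+", " ", text).strip().casefold()

def subject_matches_ioc(raw_message):
    """Return True if the decoded Subject header contains the advisory's subject line."""
    # policy.default decodes RFC 2047 encoded-words and unfolds continuation lines,
    # so the comparison runs on the subject as a mail client would display it.
    msg = message_from_string(raw_message, policy=policy.default)
    return normalize(IOC_SUBJECT) in normalize(msg["Subject"])

# Constructed sample messages (not taken from the campaign).
CONSTRUCTED_SAMPLES = {
    "plain": "From: a@example.com\nSubject: COVID-19 Everything you need to know\n\nbody\n",
    # Q-encoded subject with a non-breaking hyphen (U+2011) in place of "-".
    "encoded": "From: a@example.com\n"
               "Subject: =?utf-8?q?COVID=E2=80=9119_Everything_you_need_to_know?=\n\nbody\n",
    # Forwarded copy with different case, extra spaces and a folded header line.
    "folded": "From: a@example.com\n"
              "Subject: FW: covid-19   Everything\n you need to know\n\nbody\n",
    "benign": "From: a@example.com\nSubject: Quarterly report\n\nbody\n",
    "no_subject": "From: a@example.com\n\nbody\n",
}

def scan(samples):
    """Return the sorted names of the samples whose subject matches the indicator."""
    return sorted(name for name, raw in samples.items() if subject_matches_ioc(raw))

if __name__ == "__main__":
    print(scan(CONSTRUCTED_SAMPLES))
```

A subject line is a single, easily changed indicator, so a match is a triage signal to review the message's sender, links and attachments rather than a verdict on its own.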
Remediation
- Always be suspicious of emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.