Rewterz Threat Alert – Malspam Campaigns Spreading Dridex Banking Trojan

November 20, 2019

Rewterz Threat Advisory – Linux Webmin Servers Being Attacked by New P2P Roboto Botnet

November 21, 2019

Rewterz Threat Alert – Trickbot Info-Stealer Active Infection Campaigns – IoCs

November 20, 2019

Severity

High

Analysis Summary

TRICKBOT is an info-stealer banking trojan which has been used in multiple malspam campaigns for a while. The trojan is capable of stealing credentials, moving laterally, stealing data and providing remote access to malicious threat actors. Indicators of compromise have been retrieved from most recent campaigns dropping the Trickbot malware.

Impact

Information Disclosure
Credential Theft
Unauthorized Remote Access

Indicators of Compromise

MD5

da77fae2b9245ff7fd1ff5e097094421
4c28c31537491782f4fd72c6c981b422
4ca2e41f6336c9a1a91567939538ed4e
c7d7d5282b1f50074bd83e534115eff0
290583efdf6f8ac36f56c2dfe5efc958
e48450e526ff57dae1c28f540352d37b
f892b36774517ef25355345c9a152dc9
c09a4bbb16553d4e0ad88315ff6a46b4
296ea4976390a4469cd495b85ca9c983
c20b04b9ea7d91eaa1027c33d0c81a15
1fd71bbb44a264412e53263ee94e60aa
54ce54fca50b62ac0f7fcd84822a3923
3f82a50d04cdd43eb9b9432bcd3ab8a3
f16242c00a9d8718170e682d0b828ca6

SHA-256

af72ea0349dc0e1cd9f6c6a3f3bd58fa828ec14d59d60b8713252773c5751d52
5a57b2831babc7bfab809923cacbe7bd4e0d663c4015f528458dde68c5a87251
102c007ae1c5d31265fcb60fd14eb1f0aebad9e3daa3ecab6761fb4d3e84d3d6
98ef4070cb18c7ec28d51d4e5906b9d9ac92ffda12ba4b99c61c6eeb0b567198
0bfc771e5ad57d72158965483fafea2869bd8a7f489d0fd09303290473a8eb0a
6a5de7693e48934a8060ecd1f6fc94d0931a6cf51c60130a1083319b0df0f58c
457f8a035d1b5af45ca04ad0d51a6083cc393ae46847675120f7daa2b35cd08c
dd708991d246f56ec4978a14d7a997fd32ed6b8a6f882db19e57fde0b28e56ae
1d6d0b88eef7d224714ad936370173e620a12100f0a49716a2cfeb6b5da6fae0
827cf33f7ef0754b6801277050df0e78b644d42a8010e7c9fcc213baa86493c6
9987ce69eef1fe17de63b11e089c268f3d4b85d174f35f09294d74f76824e669
4995334f4ac0ec8ec725a3b91c54662dc1c2307d5c7747b6494dec0890390026
9b7277765e7fd185fb1fb1e4297bc581e298be0d6eb6d9c3cb446b7733b7a14b
aef76e35056eabd7a4aad30fd870fc90468e48bc53b5011fd2e8368391ae4353

SHA1

f9a5ddc87b0e07eba73ec6b4c8e469e0a962371d
57f1db1723e6b8fa979ea04c53699b3600986783
8af62136bc3929f19848d7e3af54ab149ea058f1
8113be44d81cf6ecf40b8580234ea00972a01daf
1f76c4fa1459a42b4b82d1ec83b3ee702ef9dafb
1e8da0d7c66d3cf6c57a2d92a42045227dccadc1
b14357269fadb46062ed92646ab8f5cd2bd07722
db6324fc3926cc74c40070dafd4fb3d1d290bec0
05f8915d7de5a5a61da5d9ee755c652116ac0224
fdb9ac2a1602a2d0d188c575b8b6ccce8603cc6d
7b40375081d919d9ae78f9b3ea09d2157f42f213
9848fc5c469aa15ea43b7e7d3beef9ca83cfe64e
a1e514792ec8e547582ed7b407ec4a0a2f10f308
2348ecc16c768a1e82f29d9e1abae0dbcb57a1f1

Remediation

Block the threat indicators at their respective controls.
Do not download files/click on URLs attached in untrusted emails.
Do not enable macros for untrusted files.
Do not download files/software from random sources on the internet.
Keep all systems and software updated to latest patched versions.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – Chaos Ransomware – Active IOCs

Rewterz Threat Advisory – Multiple Adobe ColdFusion Vulnerabilities

Rewterz Threat Alert – Ursnif Banking Trojan aka Gozi – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us