Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 19, 2023
Severity High Analysis Summary A new information-stealing malware called Mystic Stealer emerged in April 2023, gaining popularity in cybercrime circles. It targets various web browsers, browser […]September 19, 2023Rewterz Threat Alert – BlackCat/ALPHV Ransomware Group Allegedly Encrypted Over 100 MGM ESXi Servers
Severity High Analysis Summary An affiliate of the BlackCat ransomware group, also known as APLHV, recently carried out a significant cyberattack on MGM Resorts, leading to […]September 19, 2023Severity High Analysis Summary APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 19, 2023Severity High Analysis Summary A new information-stealing malware called Mystic Stealer emerged in April 2023, gaining popularity in cybercrime circles. It targets various web browsers, browser […]September 19, 2023Rewterz Threat Alert – BlackCat/ALPHV Ransomware Group Allegedly Encrypted Over 100 MGM ESXi Servers
Severity High Analysis Summary An affiliate of the BlackCat ransomware group, also known as APLHV, recently carried out a significant cyberattack on MGM Resorts, leading to […]September 19, 2023Severity High Analysis Summary APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Latest Attack Techniques From Qbot
August 31, 2020Rewterz Threat Advisory – CVE-2020-5621 – Multiple NETGEAR products cross-site request forgery
September 1, 2020
Severity
High
Analysis Summary
Researchers have recently identified a new malspam campaign that delivers the Wacatac Trojan. Attackers compressed an executable in different types of archive file attachments. If potential victims extract and execute those attachments, they will most likely become infected. The campaign began on August 21, 2020 and is still ongoing up to today August 31. The involved spams attract victims’ attention using important banking information as an email subject. Many of them attach a RAR archive file, but it could also be an ACE archive.
On Windows platforms, if the victim opens it, regsvcs.exe will start and, in turn, trigger a process to gather the user’s personal information on the file system. Here’s the infection process.
At the same time, it also establishes a communication session between a remote controller (i.e. 220-cpanel-02.wlink.com.np or 250-cpanel-02.wlink.com.np) and the infected device via Extended Simple Mail Transfer Protocol (ESMTP). This connection is supposedly used by the remote controller(s) to take control of the infected device.
Impact
- Information theft
- Exposure of sensitive data
- Gain access of victim’s device
Indicators of Compromise
MD5
- 9bfc740fa669c4418d89fd5556ce5c43
- e7eed309f5a6bdb6d1384317e5801a85
SHA-256
- fab4c74418538e8284f7796ce0a281b88915e66d27e0e0b52507f843c0fbc3cd
- 94b6fee9a92b1f031ad025ceadcc8b44822777463c3bb13c8f89071cb0bc306a
SHA1
- 6cc4714eeaf98fa918d8147ec56ec14b4adabd6d
- e48806c057dc2045584d34695f0a02ee7fa29343
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.