Rewterz Threat Alert – Widespread Credential Phishing Campaign

August 30, 2021

Severity

High

Analysis Summary

Microsoft is continuously tracking this URL-based phishing campaign, which abuses open redirector links. Attackers combine these links with social engineering that impersonates well-known productivity tools and services to lure users into clicking. URL-based phishing threats continue to grow, with the purpose of stealing user credentials. According to the 2020 Digital Defense Report, about 13 billion malicious and suspicious emails were blocked last year, and 1 billion of those were classified as URL-based phishing threats.

[Figure: diagram showing the attack chain of phishing campaigns that use open redirect links]

Impact

  • Credential Theft

Indicators of Compromise

Domain Name

23moesian-10[.]com
23moesian-11[.]com
23moesian-15[.]com
23moesian-16[.]com
23moesian-17[.]com
23moesian-18[.]com
23moesian-19[.]com
23moesian-20[.]com
23moesian-26[.]com
23moesian-2[.]com
77support-update23-4[.]com
account-info002[.]com
account-info003[.]com
account-info004[.]com
account-info005[.]com
account-info007[.]com
account-info008[.]com
account-info011[.]com
account-info012[.]com
accountservicealert002[.]com
accountservicealert003[.]com
adminmabuk103[.]com
adminsecurity101[.]com
adminsecurity102[.]com
appgetbox10[.]com
appgetbox3[.]com
appgetbox5[.]com
appgetbox6[.]com
appgetbox7[.]com
appgetbox8[.]com
appgetbox9[.]com
bas9oiw88remnisn-10[.]com
bas9oiw88remnisn-11[.]com
bas9oiw88remnisn-12[.]com
bas9oiw88remnisn-13[.]com
bas9oiw88remnisn-14[.]com
bas9oiw88remnisn-15[.]com
bas9oiw88remnisn-16[.]com
bas9oiw88remnisn-17[.]com
bas9oiw88remnisn-19[.]com
bas9oiw88remnisn-1[.]com
bas9oiw88remnisn-20[.]com
bas9oiw88remnisn-21[.]com
bas9oiw88remnisn-22[.]com
bas9oiw88remnisn-23[.]com
bas9oiw88remnisn-24[.]com
bas9oiw88remnisn-25[.]com
bas9oiw88remnisn-26[.]com
bas9oiw88remnisn-27[.]com
bas9oiw88remnisn-2[.]com
bas9oiw88remnisn-3[.]com
bas9oiw88remnisn-4[.]com
bas9oiw88remnisn-5[.]com
bas9oiw88remnisn-7[.]com
bas9oiw88remnisn-8[.]com
bas9oiw88remnisn-9[.]com
berangberang-10[.]com

Remediation

  • Block all threat indicators at your respective controls.
  • Search for the IOCs in your environment.
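As an added example (this is not part of the Rewterz advisory and not a tool the advisory describes), the following Python script shows one way to carry out the two remediation steps above: it refangs the defanged domains from the indicator list into plain domains suitable for a block list, then searches a proxy log for requests to those domains or to any of their subdomains. The log format, the client IPs and the log lines are all constructed for the example; only a few of the advisory's domains are included, and any real deployment would load the full list and adapt the line parser to the real log source.

```python
from urllib.parse import urlsplit
import re

# A handful of the defanged domains from the advisory's IOC list
# (the full list should be used in practice).
ADVISORY_IOCS_DEFANGED = [
    "23moesian-10[.]com",
    "account-info002[.]com",
    "appgetbox10[.]com",
    "bas9oiw88remnisn-1[.]com",
]

# Constructed proxy log: "<epoch> <client_ip> <method> <url> <status>".
# Line 4 is a look-alike that merely *starts with* an IOC domain and must
# not match; line 5 carries a trailing dot (FQDN form) and must match.
SAMPLE_PROXY_LOG = """\
1630300001.001 192.0.2.10 GET https://www.example.com/ 200
1630300002.002 192.0.2.11 GET https://login.account-info002.com/verify?u=abc 200
1630300003.003 192.0.2.12 POST http://23moesian-10.com/auth 302
1630300004.004 192.0.2.13 GET https://account-info002.com.evil-lookalike.test/ 200
1630300005.005 192.0.2.14 GET https://bas9oiw88remnisn-1.com. 200
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def refang(domain):
    """Turn a defanged indicator such as 'evil[.]com' back into 'evil.com'."""
    return domain.replace("[.]", ".").strip().lower()


def build_blocklist(defanged_domains):
    """Set of plain, lower-cased domains ready for a DNS/proxy block list."""
    return {refang(d) for d in defanged_domains}


def host_matches(host, blocklist):
    """Return the matching IOC if `host` equals an IOC domain or is a
    subdomain of one; otherwise None. The bare TLD is never tried, so a
    domain like 'com' cannot produce a false positive."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan_log(lines, blocklist):
    """Parse each log line, extract the request host and report IOC hits."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; a real tool would count these
        host = urlsplit(m.group("url")).hostname
        if not host:
            continue
        ioc = host_matches(host, blocklist)
        if ioc:
            hits.append(
                {"ts": m.group("ts"), "client": m.group("client"), "host": host, "ioc": ioc}
            )
    return hits


if __name__ == "__main__":
    blocklist = build_blocklist(ADVISORY_IOCS_DEFANGED)
    for hit in scan_log(SAMPLE_PROXY_LOG.splitlines(), blocklist):
        print(f"{hit['ts']} client={hit['client']} host={hit['host']} matched={hit['ioc']}")
```

Matching walks from the full host name up through its parent domains, so `login.account-info002.com` is caught while `account-info002.com.evil-lookalike.test` is not; a naive substring search would get the second case wrong. The same `refang` output can be fed directly to a DNS sinkhole or proxy deny list for the "block at your controls" step.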
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.