Rewterz Threat Alert – DanaBot Trojan – Active IOCs
August 30, 2021Rewterz Threat Alert – Cerberus Banking Trojan – Active IOCs
August 30, 2021Severity
High
Analysis Summary
Microsoft is continuously tracking this url based phishing campaign using open redirector links. Attackers are combining these types of links with social engineering that impersonate well-known productivity tools and services to lure users into clicking. URL-based phishing threats are continuously growing with the purpose of stealing user credentials. According to the 2020 digital defense report, about 13 billion malicious and suspicious emails were blocked last year and 1 billion of those emails are listed as URL-based phishing threats.
Impact
- Credential Theft
Indicators of Compromise
Domain Name
23moesian-10[.]com
23moesian-11[.]com
23moesian-15[.]com
23moesian-16[.]com
23moesian-17[.]com
23moesian-18[.]com
23moesian-19[.]com
23moesian-20[.]com
23moesian-26[.]com
23moesian-2[.]com
77support-update23-4[.]com
account-info002[.]com
account-info003[.]com
account-info004[.]com
account-info005[.]com
account-info007[.]com
account-info008[.]com
account-info011[.]com
account-info012[.]com
accountservicealert002[.]com
accountservicealert003[.]com
adminmabuk103[.]com
adminsecurity101[.]com
adminsecurity102[.]com
appgetbox10[.]com
appgetbox3[.]com
appgetbox5[.]com
appgetbox6[.]com
appgetbox7[.]com
appgetbox8[.]com
appgetbox9[.]com
bas9oiw88remnisn-10[.]com
bas9oiw88remnisn-11[.]com
bas9oiw88remnisn-12[.]com
bas9oiw88remnisn-13[.]com
bas9oiw88remnisn-14[.]com
bas9oiw88remnisn-15[.]com
bas9oiw88remnisn-16[.]com
bas9oiw88remnisn-17[.]com
bas9oiw88remnisn-19[.]com
bas9oiw88remnisn-1[.]com
bas9oiw88remnisn-20[.]com
bas9oiw88remnisn-21[.]com
bas9oiw88remnisn-22[.]com
bas9oiw88remnisn-23[.]com
bas9oiw88remnisn-24[.]com
bas9oiw88remnisn-25[.]com
bas9oiw88remnisn-26[.]com
bas9oiw88remnisn-27[.]com
bas9oiw88remnisn-2[.]com
bas9oiw88remnisn-3[.]com
bas9oiw88remnisn-4[.]com
bas9oiw88remnisn-5[.]com
bas9oiw88remnisn-7[.]com
bas9oiw88remnisn-8[.]com
bas9oiw88remnisn-9[.]com
berangberang-10[.]com
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment