
Rewterz Threat Alert – Agent Tesla Keylogger & NanoCore RAT Malware – Indicators of Compromise

July 1, 2019

Severity

Medium

Analysis Summary

An email campaign has been discovered distributing the Agent Tesla malware and the NanoCore RAT to different users, using varying subject lines and dropping malicious URLs. Threat indicators are provided below.

Impact

  • Exposure of sensitive information
  • Infostealer keylogger

Indicators of Compromise

IP(s) / Hostname(s)

  • 89[.]42[.]221[.]132
  • 185[.]217[.]1[.]168
  • 88[.]232[.]220[.]141
  • 41[.]219[.]22[.]204

URLs

  • mail.epurom[.]ro
  • emisparkle.duckdns[.]org

Malware Hash (MD5/SHA1/SHA256)

  • 5534d2586eb229fe15a9f903c8e412d0
  • 1fdca8ac2e9f4a4f680dfecc4889305d
  • e4088c985e80b827f31f4bf6902fd95f

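The indicators above are published in defanged form (`[.]` in place of `.`), so they cannot be matched against logs as written. The following script is an added example, not part of the Rewterz advisory: it refangs the advisory's own IPs, hostnames and hashes, classifies each one (all three published hashes are 32 hex characters, i.e. MD5), and sweeps a handful of constructed proxy and mail log lines for hits. The log lines are invented for illustration; the indicator values are copied from the advisory.

```python
import re
from ipaddress import ip_address

# Indicators copied from the advisory above, exactly as published (defanged).
ADVISORY_IOCS = [
    "89[.]42[.]221[.]132",
    "185[.]217[.]1[.]168",
    "88[.]232[.]220[.]141",
    "41[.]219[.]22[.]204",
    "mail.epurom[.]ro",
    "emisparkle.duckdns[.]org",
    "5534d2586eb229fe15a9f903c8e412d0",
    "1fdca8ac2e9f4a4f680dfecc4889305d",
    "e4088c985e80b827f31f4bf6902fd95f",
]

# Constructed sample log lines (not from the advisory) to sweep for the IoCs.
SAMPLE_LOGS = [
    "2019-07-01T09:12:03Z proxy allow src=10.0.0.15 dst=89.42.221.132:443 host=emisparkle.duckdns.org",
    "2019-07-01T09:13:40Z mail inbound from=mail.epurom.ro subject='Invoice' attachment md5=5534d2586eb229fe15a9f903c8e412d0",
    "2019-07-01T09:14:02Z proxy allow src=10.0.0.16 dst=93.184.216.34:443 host=example.com",
]


def refang(ioc: str) -> str:
    """Undo common defanging conventions: [.] (.) [dot] (dot) -> '.', hxxp -> http."""
    s = ioc.strip()
    for marker in ("[.]", "(.)", "[dot]", "(dot)"):
        s = s.replace(marker, ".")
    s = re.sub(r"^hxxp(s?://)", r"http\1", s, flags=re.I)
    return s.lower()


def classify(ioc: str) -> str:
    """Return 'ip', 'hash' (MD5/SHA1/SHA256 by length) or 'domain' for a refanged indicator."""
    try:
        ip_address(ioc)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}", ioc):
        return "hash"
    return "domain"


def build_index(iocs):
    """Refang and bucket indicators into per-type sets for O(1) lookup."""
    index = {"ip": set(), "hash": set(), "domain": set()}
    for raw in iocs:
        clean = refang(raw)
        index[classify(clean)].add(clean)
    return index


# Candidate tokens in a log line: hex digests, dotted-quad IPs, then host names.
TOKEN_RE = re.compile(
    r"[0-9a-f]{32,64}|\d{1,3}(?:\.\d{1,3}){3}|[a-z0-9.-]+\.[a-z]{2,}", re.I
)


def scan_line(line: str, index) -> list:
    """Return (type, indicator) pairs from the index that appear in one log line."""
    hits = []
    for tok in TOKEN_RE.findall(line):
        t = tok.lower()
        kind = classify(t)
        if t in index[kind]:
            hits.append((kind, t))
    return hits


def scan_logs(lines, index) -> dict:
    """Map 1-based line number -> hits, for lines that contain at least one IoC."""
    results = {}
    for n, line in enumerate(lines, 1):
        hits = scan_line(line, index)
        if hits:
            results[n] = hits
    return results


if __name__ == "__main__":
    idx = build_index(ADVISORY_IOCS)
    for n, hits in scan_logs(SAMPLE_LOGS, idx).items():
        print(f"line {n}: {hits}")
```

Running it reports a hit on the first two constructed lines (the C2 IP and DuckDNS host on the proxy line, the sender host and MD5 on the mail line) and nothing on the third. The same `build_index` output can be loaded into a SIEM lookup table or a mail-gateway blocklist; the point of refanging programmatically is that the indicators stay defanged in the advisory and in tickets, and only become live strings inside the matching tool.
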
Remediation

  • Always be suspicious of emails sent by unknown senders.
  • Never click on links or open attachments sent by unknown senders.
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.