
Rewterz Threat Alert – APT 33 Resurfaces with Fresh Attacks – IoCs

June 27, 2019

Severity

High

Analysis Summary

  • APT33 was observed sending emails containing embedded URLs that lead to malicious (.doc) and (.hta) files.
  • After exploitation, the group's main custom AutoIt backdoor is downloaded and begins contacting their POWERTON C&C infrastructure.
  • The (.doc) files carry highly obfuscated macros.
  • The (.hta) files display a decoy document.

Impact

Security Bypass

Indicators of Compromise

IP(s) / Hostname(s)


Filename

  • Instruction.doc
  • CEA.hta
  • Version.exe
  • Version.7z

Malware Hash (MD5/SHA1/SHA256)


Remediation

  • Scan for these IoCs in your existing environment.
  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Never click on links or attachments sent by unknown senders.
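Added example (not part of the Rewterz advisory): a small Python script that refangs indicators written in the advisory's `[.]` notation, deduplicates repeated entries, and sweeps proxy/EDR log lines for the listed IPs, filenames and MD5 hashes, which is the sweep the first remediation step calls for. Every indicator value and log line in it is a constructed placeholder, not one of the advisory's real IoCs.

```python
import hashlib
import re
from typing import Iterable, List, Set

# Constructed stand-ins in the advisory's defanged notation: documentation-range
# IPs (RFC 5737), the filenames the advisory lists, and the MD5 of a constructed
# byte string. None of these are the advisory's real indicators.
DEFANGED_IPS = ["192[.]0[.]2[.]10", "198[.]51[.]100[.]7", "192[.]0[.]2[.]10"]
FILENAMES = {"Instruction.doc", "CEA.hta", "Version.exe", "Version.7z"}
SAMPLE_FILE = b"constructed bytes standing in for a downloaded Version.exe"
MD5_HASHES = {hashlib.md5(SAMPLE_FILE).hexdigest()}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")


def refang(indicator: str) -> str:
    """Reverse the defanging used in advisories (91[.]235[.]116[.]212, hxxp://)."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def load_ips(defanged: Iterable[str]) -> Set[str]:
    """Refang and deduplicate; advisories often list the same address more than once."""
    return {refang(i) for i in defanged}


def scan_log(lines: Iterable[str], ips: Set[str], names: Set[str], md5s: Set[str]) -> List[dict]:
    """Return one hit per distinct indicator seen on each log line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        lowered = line.lower()
        for ip in set(IPV4_RE.findall(line)) & ips:
            hits.append({"line": lineno, "type": "ip", "value": ip})
        for digest in set(MD5_RE.findall(lowered)) & md5s:
            hits.append({"line": lineno, "type": "md5", "value": digest})
        for name in names:
            if name.lower() in lowered:
                hits.append({"line": lineno, "type": "filename", "value": name})
    return hits


# Constructed proxy and EDR log lines, not real telemetry.
SAMPLE_LOG = [
    "2019-06-27T10:01:12 proxy user=alice dst=192.0.2.10 url=http://192.0.2.10/Instruction.doc",
    "2019-06-27T10:01:40 edr host=ws12 path=C:\\Users\\alice\\Downloads\\Version.exe md5="
    + hashlib.md5(SAMPLE_FILE).hexdigest(),
    "2019-06-27T10:02:05 proxy user=bob dst=203.0.113.5 url=https://example.com/index.html",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, load_ips(DEFANGED_IPS), FILENAMES, MD5_HASHES):
        print(f"line {hit['line']}: {hit['type']} {hit['value']}")
```

In a real sweep, feed the refanged set to your SIEM or EDR search rather than a local regex pass; the script only shows the refang/dedup step and what a matching event looks like.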