
Rewterz Threat Alert – APT41 and LOWKEY launch financially motivated attacks

October 22, 2019

Severity

High

Analysis Summary

FireEye describes APT41 as a Chinese state-sponsored group that conducts espionage alongside attacks that financially benefit the group. FireEye has published a report looking at some of the malware used by the group, LOWKEY and DEADEYE. The report first analyzes three variants of DEADEYE, which use RC5 encryption; FireEye notes that RC5 is unusual in the malware it typically analyzes. DEADEYE also features an additional RC4 layer. Two variants of LOWKEY were also identified: one uses a listener on TCP port 53, and the other listens on TCP port 80 (HTTP) and intercepts URLs containing commands. LOWKEY has been used in tightly targeted attacks and utilizes system-specific payloads.
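
A triage check for the listener behaviour described above, as an added example (not from this advisory or from FireEye's report): it flags TCP listeners on ports 53 and 80 whose owning process is not one the host is expected to run there. The `netstat -ano` and `tasklist /fo csv /nh` samples and the `EXPECTED` allowlist are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample of `netstat -ano` output from a Windows host (not real data).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1880
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:53            0.0.0.0:0              LISTENING       6212
  TCP    10.0.0.5:49712         10.0.0.9:445           ESTABLISHED     4
  TCP    [::]:80                [::]:0                 LISTENING       7044
  UDP    0.0.0.0:53             *:*                                    1880
"""

# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
TASKLIST_SAMPLE = '''\
"System","4","Services","0","144 K"
"dns.exe","1880","Services","0","61,004 K"
"svchost.exe","6212","Services","0","14,388 K"
"updater.exe","7044","Console","1","5,276 K"
'''

# Assumption: images this host is expected to run on each watched port.
EXPECTED = {53: {"dns.exe"}, 80: {"system", "w3wp.exe"}}
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def unexpected_listeners(netstat_text, tasklist_csv, expected=EXPECTED):
    """Return (port, address, pid, image) for watched TCP listeners with an unexpected owner."""
    names = pid_names(tasklist_csv)
    findings = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)  # only TCP sockets in LISTENING state
        if not m:
            continue
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        image = names.get(pid, "<unknown>")  # owner not in tasklist: still report
        if port in expected and image not in expected[port]:
            findings.append((port, addr, pid, image))
    return findings

if __name__ == "__main__":
    for port, addr, pid, image in unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"review: TCP/{port} on {addr} owned by PID {pid} ({image})")
```

Listeners registered through the Windows HTTP Server API appear under PID 4 (System), so a port 80 entry owned by System still needs its URL registrations reviewed, for example with `netsh http show servicestate`.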

Impact

Exposure of sensitive information

Indicators of Compromise

MD5


Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.