April 16, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2019-0283 – SAP NetWeaver Process Integration Multiple Vulnerabilities
April 10, 2019Rewterz Threat Advisory – Adobe Shockwave Player Multiple Arbitrary Code Execution Vulnerabilities
April 10, 2019Rewterz Threat Advisory – CVE-2019-0283 – SAP NetWeaver Process Integration Multiple Vulnerabilities
April 10, 2019Rewterz Threat Advisory – Adobe Shockwave Player Multiple Arbitrary Code Execution Vulnerabilities
April 10, 2019
Severity
Medium
Analysis Summary
A phishing campaign is actively running with the name of Chase Business and dropping malicious files to different users. Threat indicators are provided.
The email looks like this :
–Begin Message–
We have temporarily suspended your Chase, N.A. account for the funds transfer service.
Here are your account details:
hxxps://securemail.chase[.]com/formpostdir/securereader?id=33779538249&brand=65313164.
Please contact Member Services to re-activate your suspended account.
Sincerely, Member Services
–End Message–
Indicators of Compromise
IP(s) / Hostname(s)
- 103.27.62[.]50
- 133.130.90[.]158
- 187.131.96[.]128
- 35.173.204[.]6
- 62.129.197[.]71
- 84.16.92[.]183
- 94.73.147[.]165
URLs
- 1lorawicz[.]pl
- alparslansenturk[.]com
- financialdiscourse[.]com
- giangocngan[.]com
- kkk-3712[.]com
- zymogen[.]net
- hxxps://securemail.chase[.]com/formpostdir/securereader?id=33779538249&brand=65313164
Filename
- Chase_Acc_BMO_823244.pdf
- IJHE08527555667463100.doc
Email Address
- business[@]e-creatorz[.]com
Malware Hash (MD5/SHA1/SH256)
453ae71569c49be9931836de1975dbe6391f599db93ebf1d25dde287b6a7b4e0
99d2309a864b760721d719840f56e37bfc58c3b573291c68a28a7edc236e3f16