
Rewterz Threat Alert – Chase Themed Phishing Campaign

March 8, 2019

Severity

Medium

Analysis Summary

A recent campaign of Chase-themed phishing emails has been observed. The emails are actively being sent to different users and contain an embedded URL.

The body of the email looks like this:

******** INTERNET EMAIL SECURITY ADVISORY ******** Think Before You Click! Suspicious? Contact Tech Support! ******** INTERNET EMAIL SECURITY ADVISORY ********

This is a secure message from Chase Smallbusiness.

Hello ,

You scheduled a payment of $2,110.64 for your account ending in Regular Personal Checking-4077.

hxxps://secmail[.]Chase[.]com/formpostdir/securereader?id=wKBgK-4O7ktmM5dO5tT3_gXeQFACuH-xY&brand=04044160 <Embedded URL>

You scheduled a payment of $2,110.64 for your account ending in Regular Personal Checking-4077. 

Banking, credit card, automobile loans, mortgage and home equity products are provided by Chase, N.A. and affiliated banks, Members FDIC and wholly owned subsidiaries of Chase Corporation. Credit and collateral are subject to approval. Terms and conditions apply. This is not a commitment to lend. Programs, rates, terms and conditions are subject to change without notice.

Questions about banking, mortgage, and investment services?
Call 1-800-869-3557, 24 hours a day – 7 days a week
Small business customers 1-800-225-5935
24 hours a day – 7 days a week

Indicators of Compromise

IP(s) / Hostname(s): 185.162.31[.]140
URLs: hxxp://alegriavzw[.]be/tmp/sendincverif/messages/sec/En_en/032019/
Email Subject: Chase Smallbusiness

Remediation

  • Block the threat indicators at their respective controls.
  • Always be suspicious of emails sent by unknown users.
  • Never click on links or attachments in emails from unknown senders.
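
One way to support the first remediation step, as an added example that is not part of the original advisory: a Python check that refangs the indicators listed above and matches them against normalized mail-gateway or proxy events, for retro-hunting before or after blocking. The event schema (src, subject, url, dest_ip) and the sample events are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from this advisory, kept defanged in source.
IOC_IP = "185.162.31[.]140"
IOC_URL = "hxxp://alegriavzw[.]be/tmp/sendincverif/messages/sec/En_en/032019/"
IOC_SUBJECT = "Chase Smallbusiness"

SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {"src": "mail-gw", "subject": "Chase Smallbusiness",
     "url": "hxxp://ALEGRIAVZW[.]be/tmp/sendincverif/messages/sec/En_en/032019/page"},
    {"src": "proxy", "url": "http://alegriavzw.be/", "dest_ip": "185.162.31.140"},
    {"src": "mail-gw", "subject": "Weekly report", "url": "https://example.org/report"},
]


def refang(value):
    """Turn a defanged indicator (hxxp, [.]) back into its live form."""
    return re.sub(r"^hxxp", "http", value.strip(), flags=re.I).replace("[.]", ".")


def match_event(event):
    """Return the sorted indicator types (host, url, ip, subject) an event matches."""
    hits = set()
    ioc = urlsplit(refang(IOC_URL))
    if event.get("url"):
        seen = urlsplit(refang(event["url"]))
        # urlsplit lowercases hostnames, so the comparison is case-insensitive.
        if seen.hostname == ioc.hostname:
            hits.add("host")
            # Prefix match also catches deeper paths under the listed directory.
            if seen.path.startswith(ioc.path):
                hits.add("url")
    if event.get("dest_ip") == refang(IOC_IP):
        hits.add("ip")
    # The subject alone is a weak signal; treat it as corroboration only.
    if IOC_SUBJECT.lower() in (event.get("subject") or "").lower():
        hits.add("subject")
    return sorted(hits)


def triage(events):
    """Return (source, matched indicator types) for every event with a hit."""
    return [(e.get("src"), match_event(e)) for e in events if match_event(e)]


if __name__ == "__main__":
    for src, hits in triage(SAMPLE_EVENTS):
        print(src, hits)
```

The displayed link in the email body (secmail[.]Chase[.]com) does not match any indicator here; only the embedded URL's host and path do.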