Rewterz Threat Alert – Covid-19 Malicious URLs

April 13, 2020

Severity

Medium

Analysis Summary

As the world continues to fight the novel coronavirus, threat actors have rapidly stepped up their activity, exploiting the situation to rob users of their vital data and information for their own gain. It shows that the threat actors are eager to cash in on this epidemic and make the most of the situation. Thousands of shady websites with Covid, Corona or Covid19 in their names are luring users to check whether they are infected, or stealing their credentials via phishing emails. The number has been on the rise, and it shows the desperation of the threat actors to make an impact in this crisis.

Some threat actors are running donation scams that claim to help people fighting the situation, using names as close as possible to those of real charities, while others are trying to lure users with the official image of the governing body, the WHO.

The rise in the number of domain registrations is huge, and it carries on growing day by day. Threat actors are capitalizing on this opportunity, robbing people of valuable data and causing financial loss as well.

Impact

  • Credential theft
  • Information theft
  • Exposure of sensitive data
  • Financial loss

Indicators of Compromise

URL


Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links or attachments sent by unknown senders.
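
One way to carry out the first remediation step, as an added example that is not part of the Rewterz advisory: the script reads indicators written in the advisory's defanged notation (`http[:]//name[.]tld`), restores them, and renders hostname block entries. The sample indicators are constructed placeholders, and the `hxxp` handling and the BIND RPZ output format are assumptions that go beyond what the advisory specifies.

```python
import re
from urllib.parse import urlsplit

# Constructed sample indicators in the advisory's defanged notation
# (placeholders under reserved TLDs, not values taken from the advisory).
SAMPLE_IOCS = """
  • http[:]//covid-relief-fund[.]example
  • http[:]//www[.]covid-relief-fund[.]example
  • hxxp[:]//Corona-Test[.]invalid/check?id=1
  • http[:]//covid-relief-fund[.]example
  • not an indicator
"""

# Syntactic hostname check: dot-separated LDH labels, 253 characters at most.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")

def refang(text):
    """Undo defanging: '[.]' -> '.', '[:]' -> ':', leading 'hxxp' -> 'http'."""
    text = text.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", text, flags=re.IGNORECASE)

def extract_hosts(ioc_text):
    """Return unique lower-cased hostnames in first-seen order; skip non-URL lines."""
    hosts = []
    for line in ioc_text.splitlines():
        candidate = refang(line.strip().lstrip("•*- ").strip())
        if not candidate.lower().startswith(("http://", "https://")):
            continue
        host = (urlsplit(candidate).hostname or "").rstrip(".")
        if _HOST_RE.match(host) and host not in hosts:
            hosts.append(host)
    return hosts

def to_rpz(hosts):
    """Render RPZ NXDOMAIN records for each listed host and its subdomains.

    Only the host exactly as listed is blocked, never its parent domain, so an
    indicator hosted under an otherwise legitimate site does not block the
    whole site. Hosts already covered by another entry's wildcard are skipped.
    """
    lines = []
    for host in hosts:
        if any(host.endswith("." + parent) for parent in hosts):
            continue
        lines += [f"{host} CNAME .", f"*.{host} CNAME ."]
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_rpz(extract_hosts(SAMPLE_IOCS)))
```

The records are owner names relative to the response policy zone, so they belong inside that zone's file rather than in a regular forward zone.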