
Rewterz Threat Alert – COVID-19 Phishing Email Indicators

May 7, 2020

Severity

Medium

Analysis Summary

Cybercriminal and advanced persistent threat (APT) groups are leveraging COVID-19 themed health, informational, and warning notice emails in an attempt to obtain credentials, e.g., Microsoft O365 accounts. These emails direct targets to click links by purporting to be online services requiring authentication. Malicious actors use these links to capture victim credentials and then redirect victims to the World Health Organization's (WHO) Coronavirus notice. Threat actors are continuing their malicious activities, taking full advantage of the situation to steal users' sensitive data in these trying times.

Impact

  • Credential theft
  • Exposure of sensitive data

Indicators of Compromise

Filename

  • AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_zip[.]jar
  • Covid-19_zip[.]bin
  • COVID-19[.]rar
  • Attachments-Fwd_ Proforma for COVID-19[.]zip
  • COVID-19 WHO RECOMENDED V[.]gz
  • Covid 19 Immunity Tips (2)[.]zip
  • zbetcheckin_tracker_COVID-19[.]jar

MD5


SHA-256


Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
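As an added defender-side example (not part of the advisory), the following Python applies the filename indicators listed above to a constructed mail-gateway log: it refangs the `[.]` notation, normalizes case and whitespace before matching, and additionally flags executable attachments whose names pose as archives, a heuristic of our own drawn from the `_zip[.]jar` pattern in the list. The log format, sender addresses and executable-extension set are assumptions.

```python
import re

# Filename indicators exactly as listed in the advisory above, in defanged form.
ADVISORY_FILENAMES = [
    "AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_zip[.]jar",
    "Covid-19_zip[.]bin",
    "COVID-19[.]rar",
    "Attachments-Fwd_ Proforma for COVID-19[.]zip",
    "COVID-19 WHO RECOMENDED V[.]gz",
    "Covid 19 Immunity Tips (2)[.]zip",
    "zbetcheckin_tracker_COVID-19[.]jar",
]
# Extensions that run code when opened (our own list, not from the advisory).
EXECUTABLE_EXT = {"jar", "bin", "exe", "js", "vbs", "scr"}

def refang(indicator):
    """Turn a defanged indicator ('[.]') back into the literal filename."""
    return indicator.replace("[.]", ".")

def normalize(name):
    """Case-fold and collapse whitespace so gateway spelling variants still match."""
    return re.sub(r"\s+", " ", name).strip().casefold()

KNOWN = {normalize(refang(f)) for f in ADVISORY_FILENAMES}

def classify_attachment(name):
    """'match' = listed indicator, 'suspicious' = heuristic hit, 'clean' = neither."""
    n = normalize(name)
    if n in KNOWN:
        return "match"
    stem, _, ext = n.rpartition(".")
    # Heuristic (assumption): executable extension behind a name that poses as an
    # archive ("..._zip.jar", as in the list) or that carries the COVID lure.
    if ext in EXECUTABLE_EXT and (re.search(r"[_ -](zip|rar|7z)$", stem) or "covid" in n):
        return "suspicious"
    return "clean"

# Constructed sample of a mail-gateway log: sender|subject|attachment per line.
MAIL_LOG = [
    "who-alerts@example.test|Awareness notice|COVID-19.rar",
    "hr@example.test|Q2 numbers|Q2 report.pdf",
    "unknown@example.test|Proforma|Attachments-Fwd_ Proforma for COVID-19.zip",
    "partner@example.test|Tracker|invoice_zip.jar",
]

def scan_mail_log(lines):
    """Return (attachment, verdict) for every log line whose attachment is not clean."""
    verdicts = ((a, classify_attachment(a)) for a in (l.split("|", 2)[2] for l in lines))
    return [(a, v) for a, v in verdicts if v != "clean"]
```

Exact matches should be blocked outright; heuristic hits are a triage queue for the SOC, not an automatic block.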