Rewterz Threat Alert – DNSpionage Threat Actors Resurface With “Karkoff” Malware

April 25, 2019

Severity

Medium

Analysis Summary


The DNSpionage malware campaign has resurfaced with a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware.

The DNSpionage attacks use compromised sites and crafted malicious documents to infect victims’ computers with DNSpionage, a custom remote administrative tool that uses HTTP and DNS to communicate with the attacker-controlled command and control server.

With the release of Karkoff, the threat actors are placing more emphasis on evading detection and are primarily targeting victims in the Middle East region.

Indicators of Compromise

URLs

  • coldfart[.]com
  • rimrun[.]com
  • kuternull[.]com

Malware Hash (MD5/SHA1/SHA256)


Remediation

Block the threat indicators at their respective controls.
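
Before or alongside blocking, the domain indicators listed above can be used to check existing DNS logs for hosts that have already queried them. The following is an added example, not part of the Rewterz advisory: the log format (timestamp, client, query name, query type) and the sample lines are constructed assumptions, and only the three defanged domains come from the advisory.

```python
"""Match DNS query names against the advisory's domain indicators."""

# Domains exactly as listed (defanged) in the advisory above.
DEFANGED_IOCS = ["coldfart[.]com", "rimrun[.]com", "kuternull[.]com"]

# Constructed sample log lines (assumed format: timestamp client qname qtype).
SAMPLE_LOG = """\
2019-04-25T10:01:02Z 10.0.0.5 www.example.org. A
2019-04-25T10:01:07Z 10.0.0.9 RimRun.com. A
2019-04-25T10:02:11Z 10.0.0.9 a1b2.kuternull.com TXT
2019-04-25T10:02:30Z 10.0.0.7 notcoldfart.com A
2019-04-25T10:03:00Z 10.0.0.7 coldfart.com.example.org A
malformed line
"""


def refang(indicator):
    """Turn 'name[.]tld' back into a normalized, lowercase 'name.tld'."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()


def matches_ioc(qname, iocs):
    """Return the matching indicator if qname is the domain or a subdomain of it."""
    name = qname.strip().rstrip(".").lower()
    for ioc in iocs:
        # Label-boundary match: 'x.rimrun.com' hits, 'notrimrun.com' does not.
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def scan(log_text, defanged=DEFANGED_IOCS):
    """Return (client, qname, indicator) for every log line that hits an indicator."""
    iocs = [refang(d) for d in defanged]
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname, _qtype = fields
        ioc = matches_ioc(qname, iocs)
        if ioc:
            hits.append((client, qname, ioc))
    return hits


if __name__ == "__main__":
    for client, qname, ioc in scan(SAMPLE_LOG):
        print(f"{client} queried {qname} (indicator: {ioc})")
```

Matching on label boundaries catches subdomain queries, which matters for malware that uses DNS as a communication channel, while avoiding false hits on unrelated names that merely contain an indicator as a substring.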
