
Rewterz Threat Alert – FakeUpdates are Back! – IOCs

October 2, 2019

Severity

High

Analysis Summary

Financially-motivated threat actors employ tactics that focus on disrupting business processes by deploying ransomware en masse throughout a victim's environment. Knowing that normal business processes are critical to organizational success, these ransomware campaigns have been accompanied by multi-million dollar ransom demands. In this newer campaign, the threat actors leveraged victim systems to deploy malware such as Dridex or NetSupport, along with multiple post-exploitation frameworks. In some cases the threat actors' ultimate goal was to ransom systems en masse with BitPaymer or DoppelPaymer ransomware.

The campaign used compromised websites to deliver heavily obfuscated Trojan droppers masquerading as Chrome, Internet Explorer, Opera, and/or Firefox browser updates. The compromised sites contained code injected directly into the HTML, or into JavaScript components rendered by the pages. Victim users reached these sites either via HTTP redirects or through watering-hole techniques employed by the attackers.


Impact

Financial loss

Indicators of Compromise

Malware Hash (MD5/SHA1/SHA256)

  • a2ac7b9c0a049ceecc1f17022f16fdc6
  • 2c444002be9847e38ec0da861f3a702b
  • 7503da20d1f83ec2ef2382ac13e238a8
  • 0e470395b2de61f6d975c92dea899b4f
  • 102ae3b46ddcb3d1d947d4f56c9bf88c
  • aaca5e8e163503ff5fadb764433f8abb
  • 10eefc485a42fac3b928f960a98dc451
  • 175dcf0bd1674478fb7d82887a373174
  • 62eaef72d9492a8c8d6112f250c7c4f2
  • 6e05e84c7a993880409d7a0324c10e74
  • 72fe19810a9089cd1ec3ac5ddda22d3f
  • 7239da273d3a3bfd8d169119670bb745
  • c8bb08283e55aed151417a9ad1bc7ad9
  • 63d4834f453ffd63336f0851a9d4c632
  • 07b0ce2dd0370392eedb0fc161c99dc7
  • 0ef5c94779cd7861b5e872cd5e922311

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the link/attachments sent by unknown senders.
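As an added illustration of the first remediation step (blocking and hunting for the listed indicators), the following script is not part of the Rewterz advisory but an example written for this page. It takes the hash list above (all 32-character values, i.e. MD5), buckets indicators by algorithm inferred from hex length, hashes every regular file under a directory in a single chunked pass, and reports matches. The `demo()` function builds a constructed temporary directory and adds the well-known digests of an empty file to the indicator set purely to show a hit; no real sample is involved.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# MD5 indicators listed in the advisory above.
ADVISORY_HASHES = [
    "a2ac7b9c0a049ceecc1f17022f16fdc6", "2c444002be9847e38ec0da861f3a702b",
    "7503da20d1f83ec2ef2382ac13e238a8", "0e470395b2de61f6d975c92dea899b4f",
    "102ae3b46ddcb3d1d947d4f56c9bf88c", "aaca5e8e163503ff5fadb764433f8abb",
    "10eefc485a42fac3b928f960a98dc451", "175dcf0bd1674478fb7d82887a373174",
    "62eaef72d9492a8c8d6112f250c7c4f2", "6e05e84c7a993880409d7a0324c10e74",
    "72fe19810a9089cd1ec3ac5ddda22d3f", "7239da273d3a3bfd8d169119670bb745",
    "c8bb08283e55aed151417a9ad1bc7ad9", "63d4834f453ffd63336f0851a9d4c632",
    "07b0ce2dd0370392eedb0fc161c99dc7", "0ef5c94779cd7861b5e872cd5e922311",
]

# Hex-digest length -> hashlib algorithm name.
HASH_ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_iocs(hashes):
    """Lower-case and strip indicator hashes and bucket them by algorithm.

    Entries with an unrecognized length or non-hex characters are skipped,
    so a stray line from a copied advisory cannot poison the match set.
    """
    buckets = {"md5": set(), "sha1": set(), "sha256": set()}
    for h in hashes:
        h = h.strip().lower()
        algo = HASH_ALGOS.get(len(h))
        if algo is None or any(c not in "0123456789abcdef" for c in h):
            continue
        buckets[algo].add(h)
    return buckets


def file_digests(path, algos, chunk_size=1 << 20):
    """Compute all requested digests of one file in a single chunked read."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def scan_directory(root, iocs):
    """Walk root and return [(path, algo, digest)] for files matching any indicator."""
    buckets = normalize_iocs(iocs)
    # Only compute the algorithms for which we actually hold indicators.
    algos = [a for a, s in buckets.items() if s]
    matches = []
    if not algos:
        return matches
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            try:
                digests = file_digests(p, algos)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            for algo, digest in digests.items():
                if digest in buckets[algo]:
                    matches.append((p, algo, digest))
    return matches


def demo():
    """Constructed demo: one benign file and one empty file in a temp directory.

    The empty file's well-known MD5 and SHA256 are appended to the indicator
    list (upper-case SHA256 on purpose, to exercise normalization) so the
    scan produces two hits. Returns [(basename, algo, digest)].
    """
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "benign.txt").write_bytes(b"hello")   # constructed, not an IoC
        Path(tmp, "unknown.bin").write_bytes(b"")       # constructed stand-in sample
        iocs = ADVISORY_HASHES + [
            "d41d8cd98f00b204e9800998ecf8427e",                                   # MD5 of empty input
            "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",   # SHA256 of empty input
        ]
        hits = scan_directory(tmp, iocs)
        return [(os.path.basename(p), algo, d) for p, algo, d in hits]


if __name__ == "__main__":
    for name, algo, digest in demo():
        print(f"MATCH {name} {algo}={digest}")
```

In practice the same `normalize_iocs` output is what you would push to an EDR blocklist or a SIEM lookup table; hashing files locally is the fallback for hosts without such tooling, and because the script reads every file once regardless of how many algorithms are requested, adding SHA1/SHA256 indicators later costs no extra I/O.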
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.