Rewterz Threat Alert – GandCrab Malware Delivered via Malspam Campaign

January 17, 2020

Severity

High

Analysis summary

An email campaign was identified distributing the GandCrab ransomware worldwide. The email attempts to deceive a potential victim into believing that it is a legitimate message from the Center for Disease Control, stating that there is a flu outbreak. The subject line of the emails was “Flu pandemic warning.” The infection process begins once a victim opens the attachment, a Microsoft Word document titled “Flu pandemic warning.doc”. It is important to note that the malware requires the victim to enable macros in order to be installed successfully. As is customary with other ransomware, it aims to lock a victim’s files and demand that a ransom be paid. At this time, there is no decryption tool available to unlock a victim’s files.

Impact

File encryption

Indicators of Compromise

Email Subject

Flu pandemic warning[.]doc

From Email

  • viktoria@akk-actg[.]com
  • florian@jesseandjoannabelizewedding[.]com
  • niko@sf-dns[.]net
  • peter@eatpraynope[.]com

MD5

  • fae8e6b098eb9ecce2611f1dffc8f7b9
  • 27fa5f1ef590ee5e503c3d15f210dab7

SHA-256

  • a1ca75dfdcc8038650c27cbd4f7b3edc2cf5915cd75567c9bd2407ea0d099eba
  • 73a994e9fa2804afceaf1286e4aba8522eb3c555b85766b03f03106118165736

SHA1

  • 7971cd39eee59bf64cc2dfd7610d6f529eafd9df
  • 6069666610d09085dc7926cde3d242427e67b167

URL

  • https[:]//www[.]kakaocorp[.]link/static/tmp/eshe[.]png
  • http[:]//www[.]kakaocorp[.]link/
  • http[:]//205[.]185[.]125[.]109/samanta[.]exe

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
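The first remediation item is to block the listed indicators at your controls; the same list can also be swept retroactively across mail-gateway and web-proxy logs to find any delivery that already happened. The script below is an added example, not Rewterz tooling: it refangs the advisory's indicators as printed above, then matches them against constructed log lines. The key=value mail-log format and the space-separated proxy-log format are assumptions, and the sample log lines are constructed for the example (only the indicator values themselves come from the advisory).

```python
"""Sweep constructed mail-gateway and proxy log lines for the advisory's IoCs.
Added example, not Rewterz code; log formats below are assumed."""
import re
from urllib.parse import urlparse

# Indicators copied from the advisory, kept in its defanged notation.
ADVISORY_IOCS = {
    "subject": ["Flu pandemic warning"],
    "attachment": ["Flu pandemic warning[.]doc"],
    "sender": [
        "viktoria@akk-actg[.]com",
        "florian@jesseandjoannabelizewedding[.]com",
        "niko@sf-dns[.]net",
        "peter@eatpraynope[.]com",
    ],
    "hash": [  # MD5, SHA-256 and SHA1 values from the advisory
        "fae8e6b098eb9ecce2611f1dffc8f7b9",
        "27fa5f1ef590ee5e503c3d15f210dab7",
        "a1ca75dfdcc8038650c27cbd4f7b3edc2cf5915cd75567c9bd2407ea0d099eba",
        "73a994e9fa2804afceaf1286e4aba8522eb3c555b85766b03f03106118165736",
        "7971cd39eee59bf64cc2dfd7610d6f529eafd9df",
        "6069666610d09085dc7926cde3d242427e67b167",
    ],
    "url": [
        "https[:]//www[.]kakaocorp[.]link/static/tmp/eshe[.]png",
        "http[:]//www[.]kakaocorp[.]link/",
        "http[:]//205[.]185[.]125[.]109/samanta[.]exe",
    ],
}


def refang(ioc: str) -> str:
    """Turn the defanged [.] and [:] notation back into a matchable, lowercased string."""
    return ioc.replace("[.]", ".").replace("[:]", ":").lower()


def build_matchers(iocs=ADVISORY_IOCS) -> dict:
    """Normalise the advisory into lowercase sets. Hosts are derived from the URLs
    so that any path on a listed host is flagged, not only the exact URL."""
    urls = {refang(u) for u in iocs["url"]}
    return {
        "subject": {s.lower() for s in iocs["subject"]},
        "attachment": {refang(a) for a in iocs["attachment"]},
        "sender": {refang(s) for s in iocs["sender"]},
        "hash": {h.lower() for h in iocs["hash"]},
        "url": urls,
        "host": {urlparse(u).hostname for u in urls},
    }


# Assumed mail-gateway format: from=<addr> subject="..." [attach="..."] [md5=<hex>]
MAIL_RE = re.compile(
    r'from=<(?P<sender>[^>]+)>\s+subject="(?P<subject>[^"]*)"'
    r'(?:\s+attach="(?P<attach>[^"]*)")?(?:\s+md5=(?P<md5>[0-9a-fA-F]{32}))?'
)


def scan_mail_log(lines, matchers=None):
    """Return (line_no, reasons) for every mail log line that hits an indicator."""
    m = matchers or build_matchers()
    hits = []
    for no, line in enumerate(lines, 1):
        rec = MAIL_RE.search(line)
        if not rec:
            continue  # line does not follow the assumed format
        reasons = []
        if rec["sender"].lower() in m["sender"]:
            reasons.append("sender")
        if rec["subject"].lower() in m["subject"]:
            reasons.append("subject")
        if rec["attach"] and rec["attach"].lower() in m["attachment"]:
            reasons.append("attachment-name")
        if rec["md5"] and rec["md5"].lower() in m["hash"]:
            reasons.append("attachment-hash")
        if reasons:
            hits.append((no, reasons))
    return hits


def scan_proxy_log(lines, matchers=None):
    """Return (line_no, reason) for proxy lines whose URL or host is listed.
    Assumed format: '<timestamp> <client-ip> <method> <url> <status>'."""
    m = matchers or build_matchers()
    hits = []
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue
        url = parts[3].lower()
        if url in m["url"]:
            hits.append((no, "url"))
        elif urlparse(url).hostname in m["host"]:
            hits.append((no, "host"))
    return hits


# Constructed sample logs (not from the advisory); benign lines are included so
# the output shows that only listed indicators fire.
SAMPLE_MAIL_LOG = [
    'from=<newsletter@example.org> subject="Weekly digest" attach="" md5=d41d8cd98f00b204e9800998ecf8427e',
    'from=<viktoria@akk-actg.com> subject="Flu pandemic warning" attach="Flu pandemic warning.doc" md5=FAE8E6B098EB9ECCE2611F1DFFC8F7B9',
    'from=<bob@example.com> subject="Flu pandemic warning" attach="notes.txt"',
]
SAMPLE_PROXY_LOG = [
    "2020-01-17T10:01:02Z 10.0.0.5 GET https://www.example.com/ 200",
    "2020-01-17T10:01:09Z 10.0.0.5 GET http://205.185.125.109/samanta.exe 200",
    "2020-01-17T10:02:11Z 10.0.0.7 GET http://www.kakaocorp.link/other/path 404",
]

if __name__ == "__main__":
    for hit in scan_mail_log(SAMPLE_MAIL_LOG):
        print("mail", hit)
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("proxy", hit)
```

Matching on the host as well as the exact URL is deliberate: the advisory lists two paths on www.kakaocorp.link, and a download from a different path on the same host is still worth reviewing. Hash comparison is case-insensitive because gateways differ in how they print digests.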
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.