Rewterz Threat Alert – Lazarus – IOC’s

October 8, 2019

Rewterz Threat Advisory – CVE-2019-13529 – SMA Solar Technology AG Sunny WebBox Cross-site Request Forgery Vulnerability

October 9, 2019

Rewterz Threat Alert- Geost Android Banking Botnet Targeting Russians

October 8, 2019

Severity

Medium

Analysis Summary

A large-scale banking botnet has targeted approximately 800,000 Android devices belonging to Russian citizens since at least 2016, according to a new research report by a trio of cybersecurity researchers.

The botnet, which researchers call Geost, used at least 140 malicious domains and 13 command-and-control servers scattered throughout the world to target victims and expand its reach.

Over the years, the attackers behind Geost had access to “several million Euros” within Russian bank accounts, according to the researchers. It’s not clear, however, how much the group may have taken over the last three years.

The researchers found that the attackers targeted customers of at least five Russian and Eastern European banks by hijacking SMS traffic between these financial firms and their customers.

Targeting Android Devices

The Geost botnet was designed to target Android devices, according to the research report.

The devices were targeted with 150 APKs – programs for Android devices that allow users to download Gmail attachments to their devices. The researchers found that the APKs resembled a number of fake applications that mimicked legitimate apps found in the official Google Play store, including those for banks and social networks.

Impact

Exposure of sensitive information
Financial loss

Indicators of Compromise

Malware Hash (SHA256)

70e6454910b1c4e1ff1a86a6e7506e6e5c234fca2fe77e44a00287aacc86853e
0bf2fc434ae4ab98e0a25388042ae011048d54404e0b94bd513bd6927d9f918a
934ae455b772165443580610916b3af352c3c46a83cb17cb7f380d6835d84552
b9862f5f097e2c05577b602022ffd7429af448b5ff485bfa8f3d8919d819eec5
299c3916838e527986c5d252322386add8c320a5da2138986a59e2b667a00945
3d32fb91da5ed45ecc8e7880b85e817e05d2134f5ecd69f5b4478be8013ae2da
5627c1d1ea942bab7134396dd7ba89009e6ff921c1e1a608a6dcdbdda2b14744
2a307a34de0b9d33bfc225e60c393c380b981a9fc52ce1277fc30445237f151d
6a7782b019566becbe0a7c06e56abbe54e3d72726f26b1bf95499b21b076d39e
0367d4e913b28fad8c57a37ac21cac5cda347846bb2b0f5d505fa47696ba2f2a
7d49950323cf0eae8b5ae36e4aefc688a1bfa1a651457382e9f9a4a4e28073c1
302c2d88fba26235b3229dd1b146a767449d47ede008556ef0d79a3c7b44d382
6e6dd2329188b334e519845804bef6e52454620dfb37ae46a457a81c478d2f77
dddfcd90fbb5b02756ec03ea75d2d98b6d1f29e14fbdbebfe6e2c77026591056
7659e30f3d8d45d7c595cb03ffe6ad6706b9c4b17d8c284a0fa6c90e226f44e6
f265608593e47c25a6bbdf31179776b401e08f08c4930dcac50684be70aa8902
4748c004a3e4b35b0daddd054e22c393c7c66aaa1d08ee3cba7c3bddc26b0a6f
4727b7727ee4ae5d9f041dc7f066da70b8cfb7417d0904e34b7b4028c38f2c76
8d1cd474f4aefcaf5f2fd6ce890ca49398194c796631b73c090fbcce2ed4f2dc
c63e7ccf63feeaf145c0303bd91bf46f43a4b2170cba0b9939492eae88b0175a
b1a376b1427a0373915f228d51eb26ea6cd009b4dd11796902f3fee6f8af122e
18ab096f1d2cd8a2759204838114e5ab4ff82f07adc8efce393cf5a807790e4d
04957fe15f8d9df2bf03f6660a55dbf57570416cdb4c225203b99a4e5c7d632b
de963c011fad513f8ced3e2911b02bfe514ca8991be31b4338262e76939a5dfa
f446e1c58cd7d8ebbfdfeaa2ae1eabf361e75ecd92dd5b9d9c09fa085949baf7
c92c09e4aaf9c3f9531a92964077d6fa6b118f87f106ee1b7f430a43c783a7f6
28c864aa54ab9c4f2b254258f3db807638becdacd11d23f793978f03863f065d
931d011f1343979f233ec9767005a492e76c5434cf4fd863c9969e8b461c04dd
cccb82d3b9f98b34678333c7f4e3e9fcf00cc2515a2c731965074af2c9f85f00
a70210a109aa4bd9eec9f495378027e9aadd83dc65d5344e26739e98b2e3aa7d
13776897f46add32b1dda3f7862c53bb069ce839334f9b1d7cd7e93cc4b9a3b6
ba3ecf85544e09d4e31b912b19d47728767933ccdc4e1b7c337a7a18ade7aa7d
77d88c936db100e77290abc4131cf41fdc092f77c8fcb488dfc1d08a3937b94c
8c3ac248e798e6f1fb5e349cc558f0b62ed9a23393b4bf11117c1d9de19e57a6
3fcec3bda7d044848a3aaf5f893a319982b545a7736adde036eb47c3bb4ea0d5
2903067271823697876b4c153e0bbc222cb8fdbd1b936fb8cfd5f35ae8401dfa
50c82f9ed9e91a1e10997cc707aec1587c8488c35e7dc76ac3d3d25eb60753b4
bd9ef6aa820164ea76def200f47abad38edbb4a1df13aa602ee8673af85f6aea
00a5f79d610759c6dd88e1c6108be24daad5b18187f0abde7bd9056e0d513ee2
9ff5dc79a6d7d1369ee113b0250a75a5ce3ce9caeb66fc46f602564086c525b5
45c7feeca4784dd6c5bc91d4e02a81d36f9ee56a954730ccc66c7e36671f1c3c
9706ca42aa8fef8a8c9463d647e5ecf7671180024e78988c4e5a36c1d86e0615
d36b04ae800000300c351cee1ee0f708340f9cb5b5da5a9a97799e8368a6a3c4
513c649370052ee0934175854037eac7c2cf5eb147414fa61df42b35530babaf
8fb1f54434f2966751d7ae221466c50e5deb5f51ed6e2a042fd71e3d2a53cf5b
e2e8a472b3bdf1ba785d5e78bb12ecb31f14bfcb43d4d0043b6116fd197f6e33
4f0e801a6d0f4898b0874da31d63d2dda0620e347d72b35f5086fb22cde9a9cd
5f216ae10a3972b5a90d6178f4d6f0d2c995b4248a9f329edbc854ead89ce904
2ba2a567c91086112c63f09ace11d725537dceba1cc56c14fc86d63d1c6585c8
e8bf2615d8d9c3d768f687cd05d0f9305fd3118168d2b94eabdfc365fafc9d06

Remediation

Avoid downloading APKs from third-party sites.
Only install apps from Google Play.
Update your device when prompted.
Backup your personal data regularly.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us