
Rewterz Threat Alert – GreenFlash Sundown Exploit Kit Delivered Through Malspam Campaign

July 2, 2019

Severity

Medium

Analysis Summary

A malvertising campaign is being used to distribute the GreenFlash Sundown exploit kit. The compromise begins when a user visits a website hosting malicious ads, in this case an online video conversion tool. The malicious ad on the website is a GIF containing obfuscated JavaScript that redirects the user to a remote site. That site eventually loads a Flash object which performs a further redirect to a domain associated with the GreenFlash Sundown exploit kit. The kit exploits a Flash vulnerability in order to execute PowerShell on the victim's system. The PowerShell code first performs checks to make sure the host is not a virtual machine; if the checks pass, the exploit kit drops and executes its payloads on the system. The SEON ransomware is delivered to encrypt the victim's files, and at the same time the Pony stealer and a coin miner are executed on the system. The researchers note that this campaign largely impacted North America and Europe, which is unusual as GreenFlash Sundown had previously only affected Asian countries.

Impact

File encryption

Indicators of Compromise

URLs and Domains

  • http[:]//accomplishedsettings[.]cdn-cloud[.]club/
  • http[:]//adsfast[.]site/
  • https[:]//fastimage[.]site/
  • ad4989[.]world
  • adsfast[.]info
  • adsfast[.]site
  • cdn-cloud[.]club
  • fastimage[.]site

Malware Hashes (MD5/SHA1/SHA256)

  • 58002d0b8acd1a539503d8ea02ff398e7ad079e0b856087f0ca30d767588be4e
  • 591e7f5eb141c22919a406508f63a558e3bd732fe38844cedbbea938d666e78b
  • 9ff00b46b949bd76923137c0b0ed3cd4e252d6e88a55e9b4798525fa40164850
  • a89591555b9acb65353c2b854e582bc41db2fbc0eda2210b89a877d1862084df
  • c772bdf4bd05ab63d90f4399e97a1d7eec2891c221739e3b843f9a8c9eddf4d3
  • aeb073b5ee2e083aba987c7fcaab7265aabe6e5e2cade821db6d46e406e21e95

Remediation

Block all of the listed threat indicators at your respective security controls.
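As an added example (not part of the Rewterz advisory), the Python script below ingests the defanged indicators listed above, refangs them, classifies each hash by its length (all six are 64 hex characters, i.e. SHA-256 digests), and then checks a set of proxy log lines and a file-hash inventory against them. The proxy log format, the non-indicator host names, the client IPs and the file paths are constructed for illustration; only the indicators themselves come from the advisory. The domain match deliberately treats `cdn.fastimage.site` as a hit (a subdomain of an indicator) but `notadsfast.site` as a miss (a different domain that merely ends with the same string).

```python
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the advisory above, still defanged.
ADVISORY_INDICATORS = """
http[:]//accomplishedsettings[.]cdn-cloud[.]club/
http[:]//adsfast[.]site/
https[:]//fastimage[.]site/
ad4989[.]world
adsfast[.]info
adsfast[.]site
cdn-cloud[.]club
fastimage[.]site
58002d0b8acd1a539503d8ea02ff398e7ad079e0b856087f0ca30d767588be4e
591e7f5eb141c22919a406508f63a558e3bd732fe38844cedbbea938d666e78b
9ff00b46b949bd76923137c0b0ed3cd4e252d6e88a55e9b4798525fa40164850
a89591555b9acb65353c2b854e582bc41db2fbc0eda2210b89a877d1862084df
c772bdf4bd05ab63d90f4399e97a1d7eec2891c221739e3b843f9a8c9eddf4d3
aeb073b5ee2e083aba987c7fcaab7265aabe6e5e2cade821db6d46e406e21e95
"""

# Hex digest length -> algorithm name.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_DIGEST = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}")


def refang(indicator):
    """Undo the usual defanging so the value can be compared with real logs."""
    return indicator.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def parse_indicators(text):
    """Split a free-form IoC list into domains, URLs and typed hashes."""
    domains, urls, hashes = set(), set(), {}
    for line in text.splitlines():
        raw = line.strip()
        if not raw:
            continue
        ioc = refang(raw).lower()
        if HEX_DIGEST.fullmatch(ioc):
            hashes[ioc] = HASH_TYPES[len(ioc)]
        elif "://" in ioc:
            urls.add(ioc)
            host = urlparse(ioc).hostname
            if host:
                domains.add(host)   # a URL indicator also yields its host
        else:
            domains.add(ioc.rstrip("."))
    return {"domains": domains, "urls": urls, "hashes": hashes}


def host_matches(host, domains):
    """True if host equals an indicator domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


# Constructed proxy log lines: "timestamp client_ip method url status".
PROXY_LOG = [
    "2019-07-02T10:14:03Z 10.0.5.21 GET https://www.example.com/convert/video 200",
    "2019-07-02T10:14:07Z 10.0.5.21 GET http://accomplishedsettings.cdn-cloud.club/ 302",
    "2019-07-02T10:14:08Z 10.0.5.21 GET https://cdn.fastimage.site/img/banner.gif 200",
    "2019-07-02T10:15:40Z 10.0.5.33 GET https://notadsfast.site/index.html 200",
]

# Constructed file inventory: path -> SHA-256. The first entry reuses an
# advisory hash; the second is a placeholder digest for a benign file.
FILE_HASHES = {
    r"C:\Users\alice\AppData\Local\Temp\update.exe":
        "58002d0b8acd1a539503d8ea02ff398e7ad079e0b856087f0ca30d767588be4e",
    r"C:\Windows\System32\notepad.exe": "0" * 64,
}


def scan_proxy_log(lines, iocs):
    """Return (line_number, host) for every request to an indicator domain."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 4:
            continue   # malformed line; skip rather than crash
        host = urlparse(fields[3]).hostname
        if host and host_matches(host, iocs["domains"]):
            hits.append((number, host))
    return hits


def scan_hashes(inventory, iocs):
    """Return (path, digest, algorithm) for every file whose hash is an indicator."""
    return [(path, digest.lower(), iocs["hashes"][digest.lower()])
            for path, digest in inventory.items()
            if digest.lower() in iocs["hashes"]]


if __name__ == "__main__":
    iocs = parse_indicators(ADVISORY_INDICATORS)
    print("domains to block:", sorted(iocs["domains"]))
    print("proxy hits:", scan_proxy_log(PROXY_LOG, iocs))
    print("file hits:", scan_hashes(FILE_HASHES, iocs))
```

`parse_indicators` gives a clean domain set for a DNS or proxy block list, and the two `scan_*` functions show the retrospective check that should accompany the block: a host that already fetched `accomplishedsettings.cdn-cloud.club` or holds a file with one of the listed digests needs an incident-response look, not just a firewall rule.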
