April 19, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – MedusaLocker Ransomware Infecting Victims Worldwide
October 23, 2019Rewterz Threat Alert – CES Themed Targeting from Lazarus
October 24, 2019Rewterz Threat Alert – MedusaLocker Ransomware Infecting Victims Worldwide
October 23, 2019Rewterz Threat Alert – CES Themed Targeting from Lazarus
October 24, 2019
Severity
Medium
Analysis Summary
IconDown Downloader used by Attack Group BlackTech targeting different Japanese organizations. Although it has not been confirmed by what means IconDown is installed / executed, according to the blog published by ESET, it has been confirmed that the update function of ASUS WebStorage is exploited. It is said that. This time, details of IconDown confirmed in the Japanese organization.
Indicators of Compromise
Domain Name
panasocin[.]com
Hostname
update[.]panasocin[.]com
SHA256
- 2e789fc5aa1318d0286264d70b2ececa15664689efa4f47c485d84df55231ac4
- 6bf301b26a919f86655e4ccb20237cc3b6b6888f258d96aac4d62df7980e51a5
- 634839b452e43f28561188a476af462c301b47bddd0468dd8c4f452ae80ea0af
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.