
Rewterz Threat Alert – MINEBRIDGE Targets Finance Sector

February 7, 2020

Severity

Medium

Analysis Summary

Last month the financial services sector in the U.S. was hit by a barrage of cyberattacks, all aimed at delivering a powerful backdoor called Minebridge. The attack chain used a known technique called “VBS Stomping” to evade detection. The campaigns, intended to enable further malware infections and espionage, were launched through phishing emails carrying attached documents with malicious macros. The emails were sent from fake domains chosen to lend legitimacy to the messages, so the lure looked convincing from the sender address through to the attachment.

The Minebridge Payload

The ultimate goal of the malicious document is to infect victims with the Minebridge backdoor. It is a powerful piece of malware that gives attackers full control of the target environment. Its C2 commands include downloading and executing other malware, downloading arbitrary files, self-deletion and self-updating, process listing, shutting down and rebooting the system, executing arbitrary shell commands, process elevation, turning TeamViewer’s microphone on or off, and gathering system information.


Impact

Complete takeover of the target environment

Indicators of Compromise

MD5

  • 05432fc4145d56030f6dd6259020d16c
  • 0be9911c5be7e6dfeaeca0a7277d432b
  • 0dd556bf03ecb42bf87d5ea7ce8efafe
  • 15edac65d5b5ed6c27a8ac983d5b97f6
  • 1e9c836f997ddcbd13de35a0264cf9f1
  • 21aa1066f102324ccc4697193be83741
  • 22b7ddf4983d6e6d84a4978f96bc2a82
  • 2333fbadeea558e57ac15e51d55b041c
  • 2b9961f31e0015cbcb276d43b05e4434
  • 2c3cb2132951b63036124dec06fd84a8
  • 4de9d6073a63a26180a5d8dcaffb9e81
  • 505ff4b9ef2b619305d7973869cd1d2b
  • 52d6654fe3ac78661689237a149a710b
  • 53e044cd7cea2a6239d8411b8befb4b7
  • 5624c985228288c73317f2fa1be66f32
  • 598940779363d9f4203fbfe158d6829b
  • 60bdea2c493c812428a8db21b29dd402
  • 681a77eba0734c0a17b02a81564ae73f
  • 6b7d9268c7000c651473f33d088a16bd
  • 6d6f50f7bba4ae0225e9754e9053edc0
  • 6de77c1b4e8abaaf304b43162252f022
  • 7004fadfa572d77e24b33d2458f023d1
  • 71988460fd87b6bff8e8fc0f442c934b
  • 722981703148fa78d41abbae8857f7a2
  • 818f7af373d1ec865d6c1b7f59dc89e5
  • 832052b0f806f44b92f6ef150573af81
  • 836125ae2bed57be93a93d18e0c600e8
  • 86d60bce47c9bb6017e3da26cab50dcf
  • 8919458aec3dcc90563579a76835fc54
  • 8d7e220af48fceee515eb5e56579a709
  • 91b8ec04d8b96b90ea406c7b98cc0ad6
  • 959eb0696c199cbf60ec8f12fcf0ea3c
  • 95ec5e8d87111f7f6b2585992e460b52
  • 9606cf0f12d6a00716984b5b4fa49d7d
  • 9f7fed305c6638d0854de0f4563abd62
  • a11c0b9f3e7fedfe52b1fc0fc2d4f6d1
  • a47915a2684063003f09770ba92ccef2
  • a917b2ec0ac08b5cde3678487971232a
  • ad06205879edab65ed99ed7ff796bd09
  • ad910001cb57e84148ef014abc61fa73
  • b1ce55fca928cf66eaa9407246399d2c
  • b9249e9f1a92e6b3359c35a8f2a1e804
  • bd6880fb97faceecf193a745655d4301
  • be2597a842a7603d7eb990a2135dab5e
  • cf5470bfe947739e0b4527d8adb8486a
  • d593b7847ec5d18a7dba6c7b98d9aebf
  • d7ee4ffce21325dfe013b6764d0f8986
  • de4d7796006359d60c97a6e4977e4936
  • e0069cd3b5548f9fd8811adf4b24bf2e
  • e1ea93fa74d160c67a9ff748e5254fe0
  • ea15d7944c29f944814be14b25c2c2b1
  • f22a4abd5217fa01b56d064248ce0cc5
  • f3cb175e725af7f94533ecc3ff62fa12
  • f6533e09a334b9f28136711ea8e9afca
  • f7daaea04b7fe4251b6b8dabb832ee3a
  • fb1555210d04286c7bcb73ca57e8e430
  • 01067c8e41dae72ce39b28d85bf923ee
  • 1601137b84d9bebf21dcfb9ad1eaa69d
  • 1c883a997cbf2a656869f6e69ffbd027
  • 2ed49bd499c9962e115a66665a6944f6
  • 3b948368fe1a296f5ed18b11194ce51c
  • 4148281424ff3e85b215cd867746b20c
  • 54f22fbc84f4d060fcbf23534a02e5f6
  • 5a3d8348f04345f6687552e6b7469ac1
  • 607d28ae6cf2adb87fcb7eac9f9e09ab
  • 9ba3275ac0e65b9cd4d5afa0adf401b4
  • 9becd2fd73aa4b36ad9cd0c95297d40b
  • 9cce3c9516f0f15ce18f37d707931775
  • 9faf9e0c5945876c8bad3c121c91ea15
  • a37e6eeb06729b6108649f21064b16ef
  • ab8dc4ba75aad317abb8ee38c8928db0
  • b8817253288b395cb33ffe36e0072dc9
  • cb5e5d29f844eb22fecaa45763750c27
  • cffda37453e1a1389840ed6ebaef1b0d
  • dc0e1e4ec757a777a4d4cc92a8d9ef33
  • e5c7e82670372e3cf8e8cab2c1e6bc17
  • f93062f6271f20649e61a09c501c6c92

SHA-256

  • 182ccc7f2d703ad732ffee0e1d9ae4ae5cf6b8817cc33fd44f203d31868b1e97
  • 65ead629a55e953b31668aac3bd373e229c45eb1871d8466f278f39ebcd5d26b
  • 48f6810e50d08c2631f63aae307a7724dba830430f5edd4b90b4b6a5b3c3ca85
  • 03ff2b3067aa73ecd8830b6b0ea4f7cfa1c7476452b26227fb433265e7206525
  • 23da418912119a1358c9a1a4671ba60c396fff4c4de225fe6a225330147549a7
  • 86d839e1d741445f194965eee60d18bd292bec73e4889089e6caf9877581db12
  • fc39cb08cae90c661e00718e2a0051b5de3dcb7cddde919b9ffd2d79bf923d1f
  • 57671d5154e707da0ee6139485f45a50fa9221852ebb65781d45a2660da7d0cb
  • e41b89869c2b510c88acd1ed9fd4a6dfe89222a81c6c1241a69af3b7f812f712
  • b6dbb902125e7bf6f6701b654cbff4abaf2e853441cf34045ac19eff5ed8ce84
  • 7b1d4774176976ffcb2075889557f91a43c05fb13f3bc262bbaec4d7a0a827e6
  • abb05ba50f45742025dd4ebff2310325783da00fb7bc885783e60a88c5157268
  • d6a0e62fe53116c9b5bccd2a584381e2ca86e35490d809ce1900603d5e6b53eb
  • 6e76d648d446e6a70acdd491f04c52d17f9f0e1ef34890c6628c4f48725b47c8
  • 99559a5f06b0279ed893d2799b735dae450a620f6cea2ea58426d8b67d598add
  • 1358b0ccae9dbb493228dc94eb5722c8d34c12227a438766be83df8c1c92a621
  • 383c86deed8797e0915acf3e0c1b6a4142c2c5ecb5d482517ed2ade4df6f36fd
  • 0aaa66dc983179bffdb181079f3b786b6cd587c38c67ba68b560db0bd873278a
  • 6e39ffecab4ca0bd7835a2e773ebfc3f6d909a0a680f898e55f85ed00728666d
  • ddf33eff293ffc268dfd0a33dddef97aefe9e010ec869dc22c221d197eb85740
  • 8f50ddc1519e587597882a6bd0667653c36a8064b56ee5ff77665db2faf24710
  • cccd6b46f950caec5effdd07af339be78691974fec5f25d923932b35edb95c4a
  • 8167d41ad30f5d451791878815e479965b2f5213231f26819ecaf4fcc774ab12
  • a3070ee10dd5bcd65a45b72848c926db2602e5297641452edff66e7133cdce9c
  • cbe4b73c0c95c207ccde9d9bd80f541cf90cad18ba5abc3fe66a811ead1601c2
  • e162a70a6e27fe23379d3a17a3a727d85a94b79416d81ec3b4ea80d329e96830
  • 0fbde653bef4642626f2996a41a15a635eb52cd31eacce133d28301b902d67df
  • 6c134908ad74dfa1468a1166e7d9244695f1ffeff68bfd4eec4b35820b542b8a
  • aad0537924bacddd0d5872f934723e765dbb182f2804c6f594f9b051937495ec
  • 3eefa7072344e044c0a6abb0030f3f26065bf6a86bb50ea38473dd7ac73904fb
  • 0520e68a4b73c3b41e566cf07be54e1f1cb59c59c303fe3390e0687f9af1a58a
  • ccb5f8734befd6ab218513e16a57679a8fb43b2732e19233ee920d379045e318
  • 3f8e38ccf71f122b65fdc679db13e3de3bb4b4fc04b8ab6f955d02e0bca10fae
  • f4f062fd7b98365ed6db993b1da586dd43e5cdcc2f00a257086734daf88c9abb
  • 6c5f72ddf0262838a921107520cdc12ba8e48dbafab4a66732a350095dd48e9f
  • d35ac29ea6e064b13d56f6a534022f253cf76b98e10a7ea1cbfa086eefd64f4b
  • 7b16ce0d2443b2799e36e18f60fe0603df4383b1a392b0549c3f28159b1ca4d4
  • 8578bff803098bf5ca0d752d0a81f07659688a32cbfc946728e5ab0403f5c4ba
  • d560f8717f4117d011f40c8880081d02d1455a41c93792e1600799d3e5ee9421
  • c9a6f7b0603779690c1d189850403f86608a3c5e1cd91e76fd31c4f119ae256b
  • c6214ec7909ce61d6ec3f46f5a7ec595d8cc8db48965c5baee8a346632cbe16d
  • 0695e5e49a297c980b96f76bf10e5540de188d6a6a162e38f475418d72a50032
  • 23840c587e4e9588b3d0795d4d76a4f3d4d5b2e665ce42dde0abcd1e0a2ba254
  • 6288d3de1f1aa05fa0a5f0c8eb9880d077f034fc79fc20f87cbfcc522aa803cb
  • 6357fdb8f62948d489080b61caf135e6aaba32dcdb7dc49b0efafef178b3b54f
  • 5df3a6afb1a56fa076c6db716d5a050455158941ec962546a8799fc80ccfa573
  • 92e94482dee75261c8ebdcbb7ace382a097cca11bcdc675bbe2d7b3f67525f84
  • ee8ba1c5329d928d542bfa06eec2c0a3e3b97dcc20382ddbc27bc420ceaeb677
  • 6046d6aed3f4ee2564d6be540d46bcdc0bebce11a1ced4b9ddbfa1a41084411c
  • 92c10ef23209e09abb17e41d67301f0e3f7d9e7ddfc7c1a66140c4986d72bee7
  • 5898b41ca4f4777ad04d687f93548129ccb626d2f5e6e100b0a037c3d40a7444
  • 858b4070f8b83aa43fd6a5189a8ed226ce767a64972db893e36550a25b20be94
  • 5a5385df469459cd56f6eecbf4b41b8c75aa17220c773501eaec22731f3a41bb
  • 9136c36ccd0be71725e8720a6cfdbdd38d7eea3998228c69ed4b52e78ba979c4
  • 6abd90d718113482a5bcd36e35b4ea32c469f94fc2cfb9c1c98214efbf64c352
  • 36da56815dc0c274fc8aacdfffbc4d5e500025ccd1147cad513d59b69ab955d

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
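To act on the first remediation point, a responder typically loads the advisory's hash lists into a sweep tool and checks endpoints or file shares against them. The script below is an added example written for this advisory; it is not Rewterz's code. It normalises the MD5 and SHA-256 indicators to lowercase hex, rejects any entry that is not a well-formed digest (the final SHA-256 in the list above is printed with 63 hex characters and is therefore flagged rather than silently matched), and hashes every file under a directory against both sets. The three indicators embedded in each list are copied from the page; the sample files in `demo_sweep` are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Subset of the advisory's MD5 list (values copied from the page).
MD5_IOCS_RAW = [
    "05432fc4145d56030f6dd6259020d16c",
    "0be9911c5be7e6dfeaeca0a7277d432b",
    "f93062f6271f20649e61a09c501c6c92",
]

# Subset of the advisory's SHA-256 list (values copied from the page).
# The last entry is reproduced exactly as printed: 63 hex characters, not 64.
SHA256_IOCS_RAW = [
    "182ccc7f2d703ad732ffee0e1d9ae4ae5cf6b8817cc33fd44f203d31868b1e97",
    "65ead629a55e953b31668aac3bd373e229c45eb1871d8466f278f39ebcd5d26b",
    "36da56815dc0c274fc8aacdfffbc4d5e500025ccd1147cad513d59b69ab955d",
]

HEX_LEN = {"md5": 32, "sha256": 64}


def load_iocs(raw_entries, algo):
    """Normalise indicators to lowercase hex.

    Returns (valid_set, rejected_list). Entries whose length or alphabet does
    not match the algorithm are rejected so a truncated or mistyped hash is
    surfaced to the analyst instead of becoming a dead indicator.
    """
    pattern = re.compile(r"[0-9a-f]{%d}" % HEX_LEN[algo])
    valid, rejected = set(), []
    for entry in raw_entries:
        digest = entry.strip().lower()
        if pattern.fullmatch(digest):
            valid.add(digest)
        else:
            rejected.append(entry)
    return valid, rejected


def hash_file(path):
    """Return (md5_hex, sha256_hex) of a file, read in 1 MiB chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def sweep(root, md5_set, sha256_set):
    """Hash every regular file under root; return [(path, algo, digest)] hits."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        md5_hex, sha256_hex = hash_file(p)
        if md5_hex in md5_set:
            hits.append((str(p), "md5", md5_hex))
        if sha256_hex in sha256_set:
            hits.append((str(p), "sha256", sha256_hex))
    return hits


def demo_sweep():
    """Run the sweep over a constructed directory.

    Two files are created: a benign one and one whose SHA-256 is appended
    (upper-cased, to exercise normalisation) to the indicator set at runtime.
    Returns (hit_count, hit_algos, rejected_sha256_entries).
    """
    md5_set, _ = load_iocs(MD5_IOCS_RAW, "md5")
    sha256_set, rejected = load_iocs(SHA256_IOCS_RAW, "sha256")
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "benign.txt"), "wb") as fh:
            fh.write(b"constructed benign file\n")
        sample = b"constructed sample standing in for a flagged file\n"
        with open(os.path.join(d, "flagged.bin"), "wb") as fh:
            fh.write(sample)
        extra = [hashlib.sha256(sample).hexdigest().upper()]
        sha256_set, _ = load_iocs(SHA256_IOCS_RAW + extra, "sha256")
        hits = sweep(d, md5_set, sha256_set)
    return len(hits), sorted({h[1] for h in hits}), rejected


if __name__ == "__main__":
    count, algos, bad = demo_sweep()
    print("hits:", count, "via", algos)
    print("rejected indicators:", bad)
```

Feeding the full lists from the advisory in place of the three-entry subsets is the only change needed for a real sweep; the rejection list is worth reviewing before deployment, because a blocked indicator that can never match gives a false sense of coverage.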
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.