April 23, 2024

April 23, 2024

MeterPreter Malware – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 23, 2024

Industrial-Scale Data Theft by ToddyCat Threat Group Using Sophisticated Tools – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 23, 2024

APT28 Propagates ‘GooseEgg’ Malware by Leveraging Windows Print Spooler Vulnerability – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 23, 2024

MeterPreter Malware – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 23, 2024

Industrial-Scale Data Theft by ToddyCat Threat Group Using Sophisticated Tools – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 23, 2024

APT28 Propagates ‘GooseEgg’ Malware by Leveraging Windows Print Spooler Vulnerability – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Rewterz Threat Alert – Malicious IPs and Domains

March 19, 2019

Rewterz Threat Alert – CEO Fraud Themed Phishing Email

March 20, 2019

Rewterz Threat Alert – Multiple Phishing Campaigns – Indicators of Compromise

March 19, 2019

Severity

Medium

Analysis Summary

Following threat indicators have been retrieved from multiple malware and phishing campaigns. These malicious IPs and domains are involved in dropping various Trojans and malware.

Impact

Olympic Destroyer
AutoIT malware

Indicators of Compromise

IP(s) / Hostname(s)	159.148.186[.]116 5.133.12[.]224 86.96.193[.]134
URLs	accountservice[.]org ilmuniversityonline[.]com newage[.]minernewage[.]com newage[.]newminersage[.]com newage[.]radnewage[.]com
Filename	verclsid.exe streamer.exe stream.txt
Malware Hash (MD5/SHA1/SH256)	02017a5216d0726471de5ecca0610fa25d946148476b6af172c786b29b87c88e 09fa321c109450dba8b97f8b8e268e9a8e996b3febc0f02127927a8a3d314269 51a32b51cd38c043944c85095e518f33685f68125e1bd388fcdaee6b12a696d5 893b978f47cd4c2f30e1f5e3bb75bee9aa996ddb12e79f882bfbb2f5d53d1a64 aac65773727c6eb86accd7b3905da6d2dbfc945fe57101f86bb5ceba12db1496 ac17114be068f1cdfe1e660ddbe78dd73f8d7259be0fcd5a64cb4df8b9611daf b85027de6871e2ed1a2154edb645fd016807989b44107fc2804eb6e9acce3b9d c0137e41f9d1b165c57e76714bb44e4ca4de2f8f83f6fd4bd34c90ed01553764 77c2372364b6dd56bc787fda46e6f4240aaa0353ead1e3071224d454038a545e b4d8d7cbec7fe4c24dcb9b38f6036a58b765efda10c42fce7bbe2b2bf79cd53e

Block the threat indicators at their respective controls.
Keep operating system patches up-to-date.
Never click on the links/attachments sent by unknown senders.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

MeterPreter Malware – Active IOCs

Industrial-Scale Data Theft by ToddyCat Threat Group Using Sophisticated Tools – Active IOCs

APT28 Propagates ‘GooseEgg’ Malware by Leveraging Windows Print Spooler Vulnerability – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

MeterPreter Malware – Active IOCs

Industrial-Scale Data Theft by ToddyCat Threat Group Using Sophisticated Tools – Active IOCs

APT28 Propagates ‘GooseEgg’ Malware by Leveraging Windows Print Spooler Vulnerability – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Malicious IPs and Domains

Rewterz Threat Alert – CEO Fraud Themed Phishing Email