April 18, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – ICS: Sierra Wireless AirLink ALEOS
April 24, 2020Rewterz Threat Alert – Malicious URLs Using Covid-19
April 24, 2020Rewterz Threat Advisory – ICS: Sierra Wireless AirLink ALEOS
April 24, 2020Rewterz Threat Alert – Malicious URLs Using Covid-19
April 24, 2020
Severity
Medium
Analysis Summary
NanoCore is high-risk trojan, a remote access tool (RAT). In most cases, this malware is proliferated using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with viruses such as NanoCore. The presence of this malware can cause serious issues, since the malware distributor gains remote access to the infected system.
Impact
- Credential theft
- Exposure of sensitive information
Indicators of Compromise
URL
- http[:]//siwakotimanpower[.]com/fontconfig[.]exe
- http[:]//sarvghamatan[.]ir/zss/hl[.]exe
- http[:]//www[.]apexsruveyors[.]com/date/eat[.]png
- https[:]//13pope[.]com/wrd/receipt[.]exe
- https[:]//13pope[.]com/wrd/order_evoucher[.]exe
- http[:]//zeytinyagisabun[.]com/winx22[.]exe
- http[:]//13pope[.]com/wrd/order_evoucher[.]exe
- http[:]//13pope[.]com/wrd/receipt[.]exe
- https[:]//uctscf[.]co[.]za/Invo[.]exe
- https[:]//uctscf[.]co[.]za/Amo[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.