April 19, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – HTML Phishing Leading to Trickbot
June 28, 2019Rewterz Threat Alert – Hidden Bee Malware Targeting Asia-Pacific Region
July 1, 2019Rewterz Threat Alert – HTML Phishing Leading to Trickbot
June 28, 2019Rewterz Threat Alert – Hidden Bee Malware Targeting Asia-Pacific Region
July 1, 2019
Severity
Medium
Analysis Summary
A malware sample from the recent compromise of a North American hospitality merchant and identified the malware as a variant of the Alina Point-of-Sale (POS) malware family. Alina dates back to at least 2013, and is one of many malware strains that possesses a Random Access Memory (RAM) scraper, which is specifically designed to steal payment account information from the memory, or RAM, of the targeted system.
Impact
Exposure of sensitive information
Indicators of Compromise
Malware Hash (MD5/SHA1/SH256)
- 176633d74a4a93fe0a76d59175ce54bc
- 02783a013d8d65e38c13dcc02f3e689e3c7f2c71
- 0ae4740e74f7350adb13b23e5a2094b2821aafb49ec122a789b1e98ee93458fd
- b62b0a7907bec6f7dd0cc88854fbd407
- 1f62704a9f9ea87d3f8dd0f296bd602294168632
- c0b4ab7a897102ceea5ce82a36018cb5d20806dd47db61484c4ea8e331a423c7
- 3b016d76fc60cc9c46da6fa10efd0315
- 93c33ae5035bee6da2bf10784df1b8d32db416f9
- 804559ea57381bd6c2301d0c9393cf3768e54455ece74acdb99bb307f80494eb
- 97a95075ec7dc0edac17864cb1ba5a5d
- 985bff8d5a8346fc514048fd25920811f602adb0
- 83e3df5ec961ce9b24588ba95025ce94e34c319a8afa30fab2b7cca10c0ef904
- f49c6afd16afcc5507e0aa7acb64f06f
- 43d80e5f8416185473dcaf83cb7f160d1eceefd2
- c7d23247432db58196e46661d9abe440a36d478fe9142da1ed73c37978e905c0
- 17777257e2bf877c5490619354b8116b
- 6fdd747d03ac7d52fcb9f9e05c7d96214426ae4d
- da4f5802f333e96e2263080e8b8cf50db25aaab98d883f85724df63ce7111e12
- dca7c29a79d21bfe9081e4c227bdad79
- 7ad0c94e3eeab05b5add22d9b1cf614848b06a13
- 30feb4ec6cab08452f5fa15e6c07df09777b90c4557f23e5be56eed433278800
- c84b393b2628ecd4df1b4f10913c6370
- 1e3d0d2f7bc06aeda6a61a13e33013e025daa1aa
- 6c6166c356ee2f92b32ad597edcdb34309ba4e7b281801b85fab95a6543a97db
- cfba66f4ccdb5a0502ba90411c29803d
- ada32f0903829e64ebd2dd57da5c5f34cb83183d
- fd0e0f20ba1408080d0ff055aaac416a4ac53e958c0d2ec53de076787c125272
- dd6e1bc77e1b0ad291126ed4175ba48d
- 968b8b8926ec1514dc053d8a29b41bcabada6825
- c01a7be3a05a1971acffea1e8399f18ed627277321236a497700bbf32c08ec3c
- 07420893a9136686d9040b9c3fe7249d
- edf27025d326ea84fae1ef3925823d7a91f5b9d6
- 23668f38b9a10859302070a606cabd313e1b84ed5be81bd26c2d9bda29ebffa9
- d000bd7c56811eec4067a4b7401bcb38
- f5e89c72f62ea9a51161b2e1407c719903308e41
- c55b2f3b67108a58c4cb81c3550115956cb07139e39a37ce9eb57ff4fb41d832
Remediation
Block all threat indicators at your respective controls.