
Rewterz Threat Alert – Riltok Banking Trojan Through Smishing and Social Engineering

June 28, 2019

Severity

Medium

Analysis Summary

A potential victim receives an SMS text containing a malicious link to a fake website that pretends to be a popular ad service. The site's advertisements attempt to entice the victim into downloading an update for that service's app. If the victim falls prey to this scheme and allows the installation to proceed, what is actually installed is the banking Trojan. Once installed, the Trojan reaches out to its command and control server in order to receive commands.

Impact

Credential theft

Indicators of Compromise

IP(s) / Hostname(s)

  • 100[.]51[.]100[.]00
  • 108[.]62[.]118[.]131
  • 172[.]81[.]134[.]165
  • 172[.]86[.]120[.]207
  • 185[.]212[.]128[.]152
  • 185[.]212[.]128[.]192
  • 185[.]61[.]000[.]108
  • 185[.]61[.]138[.]108
  • 185[.]61[.]138[.]37
  • 188[.]209[.]52[.]101
  • 5[.]206[.]225[.]57

URLs

  • alr992[.]date
  • avito-app[.]pw
  • backfround2[.]pw
  • background1[.]xyz
  • blacksolider93[.]com
  • blass9g087[.]com
  • brekelter2[.]com
  • broplar3hf[.]xyz
  • buy-youla[.]ru
  • cd78cg210xy0[.]com
  • copsoiteess[.]com
  • farmatefc93[.]org
  • firstclinsop[.]com
  • holebrhuhh3[.]com
  • holebrhuhh45[.]com
  • karambga3j[.]net
  • le22999a[.]pw
  • leboncoin-bk[.]top
  • leboncoin-buy[.]pw
  • leboncoin-cz[.]info
  • leboncoin-f[.]pw
  • leboncoin-jp[.]info
  • leboncoin-kp[.]top
  • leboncoin-ny[.]info
  • leboncoin-ql[.]top
  • leboncoin-tr[.]info
  • myyoula[.]ru
  • sell-avito[.]ru
  • sell-youla[.]ru
  • sentel8ju67[.]com
  • subito-li[.]pw
  • subitop[.]pw
  • web-gumtree[.]com
  • whitehousejosh[.]com
  • whitekalgoy3[.]com
  • youlaprotect[.]ru

Malware Hash (MD5/SHA1/SHA256)

  • 0497b6000a7a23e9e9b97472bc2d3799caf49cbbea1627ad4d87ae6e0b7e2a98
  • 417fc112cd0610cc8c402742b0baab0a086b5c4164230009e11d34fdeee7d3fa
  • 54594edbe9055517da2836199600f682dee07e6b405c6fe4b476627e8d184bfe
  • 6e995d68c724f121d43ec2ff59bc4e536192360afa3beaec5646f01094f0b745
  • bbc268ca63eeb27e424fec1b3976bab550da304de18e29faff94d9057b1fa25a
  • dc3dd9d75120934333496d0a4100252b419ee8fcdab5d74cf343bcb0306c9811
  • e3f77ff093f322e139940b33994c5a57ae010b66668668dc4945142a81bcc049
  • ebd0a8043434edac261cb25b94f417188a5c0d62b5dd4033f156b890d150a4c5
  • f51a27163cb0ddd08caa29d865b9f238848118ba2589626af711330481b352df

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of texts/emails sent by unknown senders.
  • Never click on links or attachments sent by unknown senders.
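One way to act on the first remediation point, blocking or at least detecting the listed indicators, is to refang them and sweep existing proxy, DNS and endpoint logs for hits. The script below is an added example written for this advisory, not Rewterz tooling; it takes a subset of the domains, IPs and SHA256 hashes published above, and runs them over a handful of constructed log lines (the log format and every hostname, user and IP not in the advisory are assumptions made up for the example). Subdomains of a listed domain count as hits, since the site a victim is sent to is rarely the bare apex.

```python
import re
from typing import Iterable, List, Optional, Set, Tuple

# Indicators copied from the advisory above (published defanged with "[.]").
DEFANGED_DOMAINS = [
    "avito-app[.]pw",
    "leboncoin-buy[.]pw",
    "web-gumtree[.]com",
    "youlaprotect[.]ru",
]
DEFANGED_IPS = [
    "185[.]212[.]128[.]152",
    "5[.]206[.]225[.]57",
]
SHA256_HASHES: Set[str] = {
    "0497b6000a7a23e9e9b97472bc2d3799caf49cbbea1627ad4d87ae6e0b7e2a98",
    "f51a27163cb0ddd08caa29d865b9f238848118ba2589626af711330481b352df",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("avito-app[.]pw") back into its real, lower-cased form."""
    return indicator.replace("[.]", ".").strip().lower()


DOMAINS: Set[str] = {refang(d) for d in DEFANGED_DOMAINS}
IPS: Set[str] = {refang(i) for i in DEFANGED_IPS}

# Constructed sample log lines (NOT from the advisory): a proxy hit on a subdomain of a
# listed domain, a DNS answer pointing at a listed IP, an EDR file event carrying a
# listed hash, and two benign lines that must not match. Hosts/users are invented.
SAMPLE_LOG = [
    "2019-06-28T10:01:12Z proxy user=alice method=GET url=http://update.avito-app.pw/app.apk status=200",
    "2019-06-28T10:01:13Z dns query=cdn.example.com answer=93.184.216.34",
    "2019-06-28T10:02:40Z dns query=api.fake-ads.test answer=185.212.128.152",
    "2019-06-28T10:03:05Z edr host=phone-gw file=Avito_update.apk sha256=0497b6000a7a23e9e9b97472bc2d3799caf49cbbea1627ad4d87ae6e0b7e2a98",
    "2019-06-28T10:04:00Z proxy user=bob method=GET url=https://www.example.org/ status=200",
]

# A hostname (dotted labels ending in an alphabetic TLD) or a dotted-quad IPv4 address.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,}|(?:\d{1,3}\.){3}\d{1,3})\b", re.I)
# 64 hex characters not embedded in a longer hex run.
SHA256_RE = re.compile(r"(?<![0-9a-f])[0-9a-f]{64}(?![0-9a-f])", re.I)


def domain_hit(host: str, domains: Set[str]) -> Optional[str]:
    """Return the listed domain that `host` equals or is a subdomain of, else None.

    Walks from the full host up to the registrable parent but never down to the
    bare TLD, so "pw" alone can never match "avito-app.pw".
    """
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_log(lines: Iterable[str], domains: Set[str], ips: Set[str],
             hashes: Set[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, indicator) for every line containing a listed IoC."""
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, 1):
        for m in HOST_RE.finditer(line):
            token = m.group(1).lower()
            if token in ips:
                hits.append((n, "ip", token))
                continue
            matched = domain_hit(token, domains)
            if matched:
                hits.append((n, "domain", matched))
        for m in SHA256_RE.finditer(line):
            digest = m.group(0).lower()
            if digest in hashes:
                hits.append((n, "sha256", digest))
    return hits


def run_sample() -> List[Tuple[int, str, str]]:
    """Sweep the constructed sample log with the advisory's indicators."""
    return scan_log(SAMPLE_LOG, DOMAINS, IPS, SHA256_HASHES)


if __name__ == "__main__":
    for line_no, kind, indicator in run_sample():
        print(f"line {line_no}: {kind} hit on {indicator}")
```

Feeding real logs through `scan_log` is a matter of replacing `SAMPLE_LOG` with an iterator over the export; because the matching is done on normalised tokens rather than raw substrings, a hostname that merely contains a listed domain as text (for example a look-alike ending in a different TLD) is not reported, which keeps the hit list actionable.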