April 26, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – EvilGnome Rare Malware Spying on Linux Desktop Users
July 18, 2019Rewterz Threat Advisory – CVE-2019-1917 – Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability
July 18, 2019Rewterz Threat Alert – EvilGnome Rare Malware Spying on Linux Desktop Users
July 18, 2019Rewterz Threat Advisory – CVE-2019-1917 – Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability
July 18, 2019
Severity
High
Analysis Summary
“Sea Turtle” DNS hijacking campaign and their continuing efforts to compromise victims. The operators behind the campaign have adopted a new DNS hijacking technique that involves modifying the target domain’s name server records to point legitimate users to the actor-controlled server. Once in control of the victim’s DNS, the attackers redirect their traffic to malicious websites and email servers. This would facilitate a man-in-the-middle attack against the victim or potentially allow the attacker to harvest credentials.
Impact
DNS hijacking
Indicators of Compromise
IP(s) / Hostname(s)
- 185[.]64[.]105[.]100
- 178[.]17[.]167[.]51
- 95[.]179[.]131[.]225
- 140[.]82[.]58[.]253
- 95[.]179[.]156[.]61
- 196[.]29[.]187[.]100
- 188[.]226[.]192[.]35
- 45[.]32[.]100[.]62
- 95[.]179[.]150[.]101
URLs
- ns1[.]intersecdns[.]com
- ns2[.]intersecdns[.]com
- ns1[.]rootdnservers[.]com
- ns2[.]rootdnservers[.]com
Remediation
- Search for these IOC’s in your respective environment.
- Block all threat indicators at your respective controls.