Rewterz Threat Alert – Shade Ransomware Hits High-Tech, Wholesale & Education Sectors in Multiple Countries

May 24, 2019

Severity

Medium

Analysis Summary

Shade ransomware, also known as Troldesh, has been targeting hosts running Microsoft Windows since 2014. Distributed through Russian-language as well as English-language malspam campaigns and exploit kits, Shade ransomware encrypts files on the victim's computer and appends the extension .crypted000007 to the name of each encrypted file.


When a Windows host is infected with Shade ransomware, its desktop background announces the infection, and ten text files appear on the desktop named README1.txt through README10.txt as shown in Figure 1.

[Figure 1: desktop background of an infected host, with README1.txt through README10.txt on the desktop]

These readme text files are the ransom notes as shown below:

[Image: contents of the README ransom note]

Malspam-based Shade infections involve a JavaScript (.js) file or another type of script-based file disguised as an invoice or bill. In some cases the malspam carries links to these script files; in other cases the files are attached directly to the emails inside a zip file or another type of archive.

Shade ransomware's most frequent victims fall in the high-tech sector, across many countries including the U.S., Japan, India, Thailand and Canada.
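The host-side signs described above (the appended .crypted000007 extension and the ten ransom notes README1.txt through README10.txt on the desktop) can be checked against a file listing collected during triage. The following is an added example, not code from the advisory or from Rewterz; the paths in SAMPLE_LISTING are constructed, the Windows-style layout is assumed, and the function names are this example's own.

```python
"""Triage a file listing for the two host-side Shade indicators named in the
advisory: file names ending in .crypted000007 and the ransom notes
README1.txt ... README10.txt on a Desktop folder.
Added example; the listing below is constructed, not real victim data."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

ENCRYPTED_EXT = ".crypted000007"
# Exactly README1.txt ... README10.txt, nothing else (README11.txt is not in the set).
NOTE_RE = re.compile(r"^README(10|[1-9])\.txt$", re.IGNORECASE)

# Constructed sample listing, as a triage script might dump it from a host.
SAMPLE_LISTING = [rf"C:\Users\alice\Desktop\README{i}.txt" for i in range(1, 11)] + [
    r"C:\Users\alice\Documents\budget.xlsx.crypted000007",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.crypted000007",
    r"C:\Users\alice\Desktop\README11.txt",  # stray file, not part of the Shade note set
]


def triage(paths):
    """Summarise Shade indicators in a list of Windows paths.

    Returns the encrypted files grouped by directory (with the original
    name recovered by stripping the appended extension), the ransom-note
    numbers found on any Desktop folder, and two convenience flags."""
    encrypted = defaultdict(list)
    notes = set()
    for p in paths:
        wp = PureWindowsPath(p)
        name = wp.name
        if name.lower().endswith(ENCRYPTED_EXT):
            # Shade appends the extension, so the original name is the prefix.
            encrypted[str(wp.parent)].append(name[: -len(ENCRYPTED_EXT)])
        elif wp.parent.name.lower() == "desktop":
            m = NOTE_RE.match(name)
            if m:
                notes.add(int(m.group(1)))
    return {
        "encrypted_by_dir": dict(encrypted),
        "encrypted_total": sum(len(v) for v in encrypted.values()),
        "ransom_notes_found": sorted(notes),
        "full_note_set": notes == set(range(1, 11)),
        # Both indicator classes present: strong sign of a Shade infection.
        "shade_suspected": bool(encrypted) and bool(notes),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    for directory, files in result["encrypted_by_dir"].items():
        print(f"{directory}: {len(files)} encrypted file(s): {', '.join(files)}")
    print("ransom notes:", result["ransom_notes_found"], "complete set:", result["full_note_set"])
    print("Shade suspected:", result["shade_suspected"])
```

The recovered original names give the incident team an inventory of affected files without touching the encrypted content, and the separate note-set flag distinguishes a host that merely received a stray README file from one showing the full pattern the advisory describes.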

Impact

  • File Encryption
  • Loss of Information
  • Financial Loss

Indicators of Compromise

URLs

  • hxxp[:]//333media[.]co[.]uk/[.]tmb/inf[.]inf
  • hxxp[:]//abcstudio[.]sk/wp-content/themes/fusion-base/fonts/msg[.]jpg
  • hxxp[:]//abyaz[.]ir/wp-content/themes/woodstock/js/1[.]pdf
  • hxxp[:]//acffiorentina[.]ru/assets/1[.]pdf
  • hxxp[:]//actinix[.]com/wp-content/themes/ultra/images/msg[.]jpg
  • hxxp[:]//adelekeoluwakemiandco[.]com/wp-content/themes/twentyseventeen/inc/inf[.]inf
  • hxxp[:]//agava[.]ee/wp-content/themes/graphene/bootstrap-rtl/1[.]pdf
  • hxxp[:]//alpadegra[.]pe/wp-content/themes/mesmerize/customizer/css/hp[.]gf
  • hxxp[:]//ambulatorium[.]sk/wp-admin/css/colors/blue/hp[.]gf
  • hxxp[:]//amsr[.]ma/templates/businessplan/html/com_contact/categories/msg[.]jpg
  • hxxp[:]//andyburkholder[.]com/wordpress/wp-admin/css/colors/blue/hp[.]gf
  • hxxp[:]//andyliotta[.]com/wp-content/themes/musicpro/js/cookie/msg[.]jpg
  • hxxp[:]//anselmi[.]at/templates/rt_hadron/css-compiled/hp[.]gf
  • hxxp[:]//anyadavidson[.]com/wordpress/wp-admin/css/colors/blue/hp[.]gf
  • hxxp[:]//app[.]expalglobal[.]com/upload/items/img/1[.]pdf
  • hxxp[:]//arbanstore[.]com/wp-admin/css/colors/blue/hp[.]gf
  • hxxp[:]//arbanstore[.]com/wp-admin/css/colors/blue/inf[.]inf
  • hxxp[:]//archiaidbd[.]com/templates/shaper_helix3/css/presets/inf[.]inf
  • hxxp[:]//ascentprint[.]ru/scripts/1[.]pdf
  • hxxp[:]//auroradx[.]com/adxwp/wp-content/backups-dup-pro/tmp/gr[.]mpwq
  • hxxp[:]//auroradx[.]com/adxwp/wp-content/nfwlog/cache/hp[.]gf
  • hxxp[:]//automodernshop[.]com/[.]quarantine/inf[.]inf
  • hxxp[:]//b-compu[.]de/templates/conext/content_images_source/msg[.]jpg
  • hxxp[:]//b-compu[.]de/templates/conext/html/com_contact/contact/msg[.]jpg
  • hxxp[:]//balloflightning[.]com/wp-content/themes/vigilance/css/msg[.]jpg
  • hxxp[:]//bamferproductions[.]com/GeneratedItems/1[.]pdf
  • hxxp[:]//banzay[.]com/wp-content/themes/di-blog/languages/msg[.]jpg
  • hxxp[:]//bbbrown[.]com/wp-content/themes/twentyten/languages/msg[.]jpg
  • hxxp[:]//berkaytulpar[.]com[.]tr/inf[.]inf
  • hxxp[:]//bitcoinqrgen[.]com/wp-content/ai1wm-backups/hp[.]gf
  • hxxp[:]//bjlaser[.]com/templates/outsourcing-fjt/html/com_contact/contact/msg[.]jpg
  • hxxp[:]//britishcollege[.]edu[.]lk/[.]well-known/acme-challenge/inf[.]inf
  • hxxp[:]//bursabowling[.]com/templates/rt_myriad/custom/1[.]pdf
  • hxxp[:]//canadianpricespharmacy[.]xyz/wp-content/themes/maxshop/images/hp[.]gf
  • hxxp[:]//capablecanines[.]org/wp-content/themes/Divi/css/hp[.]gf
  • hxxp[:]//clubdelideres[.]org/font-awesome/css/hp[.]gf
  • hxxp[:]//coastalcrestgroup[.]com/wp-content/themes/betheme/assets/animations/hp[.]gf
  • hxxp[:]//conozcatlanta[.]com/[.]well-known/acme-challenge/hp[.]gf
  • hxxp[:]//consultantlegality[.]com/wp-content/themes/llorix-one-lite/css/hp[.]gf
  • hxxp[:]//costiran[.]com/wp-admin/css/colors/blue/inf[.]inf
  • hxxp[:]//crlagoa[.]cdecantanhede[.]pt/wp-admin/css/colors/blue/hp[.]gf
  • hxxp[:]//customercarelist[.]info/wp-content/themes/Newspaper/parts/footer/hp[.]gf
  • hxxp[:]//cvpass[.]net/wp-content/themes/twentyseventeen/assets/css/inf[.]inf
  • hxxp[:]//damyo[.]co[.]kr/wp-content/themes/enfold/config-gravityforms/hp[.]gf
  • hxxp[:]//damyo[.]co[.]kr/wp-content/themes/enfold/lang/hp[.]gf
  • hxxp[:]//davanaweb[.]com/wp-content/themes/arras-theme/@eaDir/hp[.]gf
  • hxxp[:]//davidgillettephotography[.]com/wp-content/themes/boilerplate/boilerplate-admin/inf[.]inf
  • hxxp[:]//demo[.]art-of-digital[.]com/yoga/2018/12/24/live-a-perfect-life/feed/inf[.]inf
  • hxxp[:]//dicaconsultores[.]com/wp-content/themes/empowerment/inc/msg[.]jpg
  • hxxp[:]//dnz17[.]in[.]ua/tmp/inf[.]inf
  • hxxp[:]//dongavienthong[.]com/wp-includes/ID3/inf[.]inf
  • hxxp[:]//donmago[.]com/wp-content/themes/betheme/js/parallax/msg[.]jpg
  • hxxp[:]//dresscollection[.]ru/errors/default/css/msg[.]jpg
  • hxxp[:]//ekolog[.]org/687a0eb9e70069aa3c7f5a7bc1b08bf0/msg[.]jpg
  • hxxp[:]//elurnsummit[.]com/wp-content/themes/writee/templates/inf[.]inf
  • hxxp[:]//emfbd[.]org/wp-content/themes/frontier/includes/genericons/hp[.]gf
  • hxxp[:]//enaghsh[.]ir/wp-content/themes/mweb-digiland/dokan/hp[.]gf
  • hxxp[:]//entrepreneurspider[.]com/wp-content/themes/astra/languages/inf[.]inf
  • hxxp[:]//escwireless[.]com/templates/jm-0013/css/gr[.]mpwq
  • hxxp[:]//eurotecheu[.]com/wp-content/themes/skt-solar-energy/js/inf[.]inf
  • hxxp[:]//farmworldtech[.]com/wp-content/themes/generatepress/inc/customizer/controls/css/1[.]pdf
  • hxxp[:]//fcbiolog[.]com/errordocs/style/inf[.]inf
  • hxxp[:]//fenapro[.]org[.]br/templates/ja_edenite/css/colors/msg[.]jpg
  • hxxp[:]//flashsale88[.]com/wp-admin/css/colors/blue/inf[.]inf
  • hxxp[:]//flirtwithclassdemo[.]racevmarketing[.]com/wp-admin/css/colors/blue/1[.]pdf
  • hxxp[:]//foodera[.]co/wp-admin/css/colors/blue/1[.]pdf
  • hxxp[:]//forestandseaclub[.]racevmarketing[.]com/wp-content/cache/et/26/1[.]pdf
  • hxxp[:]//frenchdoitbetter[.]my/wp-includes/ID3/hp[.]gf
  • hxxp[:]//gimnazjum-zawichost[.]pl/dokumenty/mlody_naukowiec/msg[.]jpg
  • hxxp[:]//gpcezhukone[.]org/templates/rt_audacity/html/com_content/archive/hp[.]gf
  • hxxp[:]//greenerpathway[.]info/wp-admin/css/colors/blue/gr[.]mpwq
  • hxxp[:]//grunert[.]biz/wp-content/themes/sydney/languages/hp[.]gf
  • hxxp[:]//hamayeshgroup[.]com/[.]well-known/pki-validation/inf[.]inf
  • hxxp[:]//hitechontheweb[.]com/wp-content/themes/advanced-twenty-seventeen-child/template-parts/footer/inf[.]inf
  • hxxp[:]//importfish[.]ru/dynamic/msg[.]jpg
  • hxxp[:]//inhome[.]theadleaf[.]net/wordpress/inf[.]inf
  • hxxp[:]//innovationsolarinc[.]com/wp-content/themes/isi/bbpress/inf[.]inf
  • hxxp[:]//instanttechnology[.]com[.]au/wp-content/themes/skyline/inc/footers/inf[.]inf
  • hxxp[:]//invokeshop[.]com/wp-content/ai1wm-backups/inf[.]inf
  • hxxp[:]//iqra[.]tn/fbs/hp[.]gf
  • hxxp[:]//iqra[.]tn/wp-admin/css/colors/blue/hp[.]gf
  • hxxp[:]//isfacca[.]ir/IrSans/css/inf[.]inf
  • hxxp[:]//jazarah[.]net/wp-content/themes/truemag/admin/assets/css/msg[.]jpg
  • hxxp[:]//jbrealestategroups[.]com/wp-content/themes/bridge/export/msg[.]jpg
  • hxxp[:]//jgcarpetcleaning[.]com/wp-content/themes/bb-theme/classes/1[.]pdf
  • hxxp[:]//joeksdj[.]nl/VT555/_vti_cnf/msg[.]jpg
  • hxxp[:]//kean3[.]com/[.]well-known/pki-validation/hp[.]gf
  • hxxp[:]//khabbas[.]com/wp-content/themes/twentyseventeen/inc/hp[.]gf
  • hxxp[:]//kokkelering[.]no/wp-content/themes/Divi/core/admin/css/inf[.]inf
  • hxxp[:]//koren[.]cc/wp-content/themes/twentyseventeen/template-parts/footer/inf[.]inf
  • hxxp[:]//languardia[.]ru/wp-content/languages/plugins/msg[.]jpg
  • hxxp[:]//leamoreconstruction[.]com/wp-content/themes/buildplus/admin/1[.]pdf
  • hxxp[:]//liliatomova[.]com/wp-includes/ID3/1[.]pdf
  • hxxp[:]//linetours[.]ru/wp-content/themes/untitled/styles/msg[.]jpg
  • hxxp[:]//louismoreno[.]com/wp-content/themes/asterion/page-templates/msg[.]jpg
  • hxxp[:]//magicsounds[.]net/wp-admin/css/colors/blue/1[.]pdf
  • hxxp[:]//mail[.]333media[.]co[.]uk/public_html/plugins/acl/localization/inf[.]inf
  • hxxp[:]//mail[.]360cleaning[.]co[.]uk/skins/classic/images/buttons/hp[.]gf
  • hxxp[:]//mail[.]360cleaning[.]co[.]uk/wp_caden_package_1[.]3/Licensing/inf[.]inf
  • hxxp[:]//mail[.]creativerentacar[.]com/installer/images/inf[.]inf
  • hxxp[:]//mail[.]creativetravelworld[.]com/plugins/acl/localization/hp[.]gf
  • hxxp[:]//mail[.]zadiaks90[.]com/installer/images/inf[.]inf
  • hxxp[:]//makeupp[.]site/wp-content/themes/twentysixteen/genericons/1[.]pdf
  • hxxp[:]//makeupp[.]site/wp-content/themes/twentysixteen/genericons/inf[.]inf
  • hxxp[:]//mapsu[.]org/awstats/msg[.]jpg
  • hxxp[:]//marathonbuilding[.]com/wp-content/themes/Marathon20140204a/images/msg[.]jpg
  • hxxp[:]//marketingcoachth[.]com/wp-admin/css/colors/blue/msg[.]jpg
  • hxxp[:]//meeweb[.]com/admin/swfupload/css/inf[.]inf
  • hxxp[:]//meurls[.]xyz/wp-content/plugins/ad-ace/assets/css/fonts/iconfont/msg[.]jpg
  • hxxp[:]//miumilkshop[.]com/wp-includes/ID3/hp[.]gf
  • hxxp[:]//mmonteironavegacao[.]com[.]br/blog/category/msg[.]jpg
  • hxxp[:]//montaneproperties[.]co[.]za/cache/1[.]pdf
  • hxxp[:]//musiciansassociationofthephilippines[.]com/wp-includes/ID3/inf[.]inf
  • hxxp[:]//muslimlifestyleexpo[.]info/wp-content/themes/singlepage/languages/1[.]pdf
  • hxxp[:]//myclientsdemo[.]com/cannadyz/css/hp[.]gf
  • hxxp[:]//nest[.]sn/wp-content/themes/education-web/languages/msg[.]jpg
  • hxxp[:]//new4[.]pipl[.]ua/[.]well-known/acme-challenge/inf[.]inf
  • hxxp[:]//noblechild[.]com/wp-content/themes/mt-dark/languages/hp[.]gf
  • hxxp[:]//northernoceanmarine[.]com/wp-content/themes/nom/images/hp[.]gf
  • hxxp[:]//northernoceanmarine[.]com/wp-content/themes/nom/images/inf[.]inf
  • hxxp[:]//novotravel[.]ir/wp-snapshots/hp[.]gf
  • hxxp[:]//oestervraafys[.]dk/templates/rt_cygnet/fields/hp[.]gf
  • hxxp[:]//orielliespinoza[.]com/wp-content/themes/rara-business/images/hp[.]gf
  • hxxp[:]//orielliespinoza[.]com/wp-content/themes/rara-business/inc/css/hp[.]gf
  • hxxp[:]//ozemag[.]com/wp-content/themes/emag/template-parts/msg[.]jpg
  • hxxp[:]//panamacitybeachcondosforsale[.]net/wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/hp[.]gf
  • hxxp[:]//pitbullcreative[.]net/wp-content/themes/alyeska/lang/hp[.]gf
  • hxxp[:]//pixonet[.]ir/wp-snapshots/hp[.]gf
  • hxxp[:]//plasticbottle-factory[.]com/wp-content/themes/baiila/fonts/hp[.]gf
  • hxxp[:]//prathmeshbiotech[.]com/templates/jd_miami/css/presets/inf[.]inf
  • hxxp[:]//precision[.]bc[.]ca/wp-content/themes/precision/colors/hp[.]gf
  • hxxp[:]//prigo[.]com/bluewhale/hp[.]gf
  • hxxp[:]//rayaxiaomi[.]com/wp-content/themes/abchlik/widgets/hp[.]gf
  • hxxp[:]//repairinc[.]wsid[.]net/wp-admin/css/colors/blue/inf[.]inf
  • hxxp[:]//rickspringfield[.]jp/PHOTOS/PHOTOS_files/msg[.]jpg
  • hxxp[:]//robinchahal[.]com/ftp/msg[.]jpg
  • hxxp[:]//rockett[.]net/wp-content/themes/simplemag/formats/hp[.]gf
  • hxxp[:]//ryzconstruccionesciviles[.]com/wp-content/themes/spacious/font-awesome/css/inf[.]inf
  • hxxp[:]//sabbath[.]weswesmusic[.]com/wp-includes/ID3/hp[.]gf
  • hxxp[:]//sagami-suisan[.]com/wpBK/msg[.]jpg
  • hxxp[:]//schwimmerforum[.]de/archive/hp[.]gf
  • hxxp[:]//shop[.]albertgrafica[.]com[.]br/vqmod/install/msg[.]jpg
  • hxxp[:]//smarthost[.]kiev[.]ua/templates/sunshine/css/msg[.]jpg
  • hxxp[:]//snowfeel[.]in/wp-admin/css/colors/blue/hp[.]gf
  • hxxp[:]//solutionpc[.]be/modules/php/1[.]pdf
  • hxxp[:]//spidernet[.]comuv[.]com/wp-content/themes/twentyseventeen/inc/inf[.]inf
  • hxxp[:]//standard-cement[.]kz/hp[.]gf
  • hxxp[:]//stilldesigning[.]com/wp-content/themes/stilldesigning-2014/css/hp[.]gf
  • hxxp[:]//subastaomarwheels[.]com/wp-content/themes/revo/css/fancy/hp[.]gf
  • hxxp[:]//szimano[.]org/wordpress/wp-admin/css/colors/blue/1[.]pdf
  • hxxp[:]//tanmoy[.]xyz/wp-content/themes/sility/files/hp[.]gf
  • hxxp[:]//tasooshi[.]com/wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/msg[.]jpg
  • hxxp[:]//tasooshi[.]com/wp-content/themes/astra/inc/addons/transparent-header/assets/js/minified/msg[.]jpg
  • hxxp[:]//taxi-kazan[.]su/administrator/cache/msg[.]jpg
  • hxxp[:]//telebriscom[.]cl/wp-content/themes/fitness-wellness/languages/msg[.]jpg
  • hxxp[:]//thabazimbi[.]net/css/1[.]pdf
  • hxxp[:]//thaisell[.]com/AM/hp[.]gf
  • hxxp[:]//thefourthseasona-1-z[.]com/wp-includes/ID3/1[.]pdf
  • hxxp[:]//thegioibds[.]net/wp-includes/ID3/1[.]pdf
  • hxxp[:]//thelearningcompany[.]com[.]au/templates/eventus2/images/presets/default/inf[.]inf
  • hxxp[:]//tilmenyoresel[.]com/catalog/controller/account/inf[.]inf
  • hxxp[:]//tntnailswoodlands[.]com/wp-admin/css/colors/blue/hp[.]gf
  • hxxp[:]//tntnailswoodlands[.]com/wp-admin/css/colors/blue/inf[.]inf
  • hxxp[:]//tosama[.]de/templates/jsn_artista_pro/js/inf[.]inf
  • hxxp[:]//tourview[.]ir/wp-includes/ID3/hp[.]gf
  • hxxp[:]//trdesign[.]org/themes/bartik/color/1[.]pdf
  • hxxp[:]//tugaukina[.]com/wp-content/themes/sahifa/framework/admin/images/inf[.]inf
  • hxxp[:]//twosisterstravelco[.]com/wp-content/themes/uncode/languages/hp[.]gf
  • hxxp[:]//tyger[.]ro/wp-content/themes/twentysixteen/inc/inf[.]inf
  • hxxp[:]//varfolomeev[.]ru/cgi-bin/msg[.]jpg
  • hxxp[:]//veganwarrior[.]racevmarketing[.]com/wp-content/cache/et/8/1[.]pdf
  • hxxp[:]//vehiclescanner[.]co[.]uk/[.]quarantine/hp[.]gf
  • hxxp[:]//visionfirst[.]site/wp-admin/css/colors/blue/gr[.]mpwq
  • hxxp[:]//visitjourney[.]org/wp-content/plugins/admin-menu-editor/ajax-wrapper/hp[.]gf
  • hxxp[:]//vlakvarkproductions[.]co[.]za/[.]well-known/acme-challenge/inf[.]inf
  • hxxp[:]//voasi[.]com/wp-content/themes/twentyseventeen/assets/css/msg[.]jpg
  • hxxp[:]//www[.]333media[.]co[.]uk/wp-content/plugins/Plugin/Licensing/inf[.]inf
  • hxxp[:]//www[.]baumont[.]fr/wp-content/themes/dt-the7/languages/hp[.]gf
  • hxxp[:]//www[.]djyan[.]net/administrator/cache/inf[.]inf
  • hxxp[:]//www[.]eliasmetal[.]co[.]il/wp-content/languages/plugins/1[.]pdf
  • hxxp[:]//www[.]glitzygal[.]net/wp-content/themes/FreshClean/includes/msg[.]jpg
  • hxxp[:]//www[.]gran-premio[.]es/wp-content/themes/elastico/functions/css/hp[.]gf
  • hxxp[:]//www[.]gran-premio[.]es/wp-content/themes/elastico/js/hp[.]gf
  • hxxp[:]//www[.]illustr8design[.]co[.]uk/wp-content/themes/illustr8black/font/hp[.]gf
  • hxxp[:]//www[.]insidepoolmag[.]com/wp-content/themes/vidorev/page-templates/msg[.]jpg
  • hxxp[:]//www[.]krayot[.]ru/includes/hp[.]gf
  • hxxp[:]//www[.]krohm[.]net/wp-content/themes/Flexible_old/css/hp[.]gf
  • hxxp[:]//www[.]leamoreconstruction[.]com/wp-content/themes/buildplus/admin/1[.]pdf
  • hxxp[:]//www[.]mashmul[.]ir/components/com_ajax/hp[.]gf
  • hxxp[:]//www[.]phazethree[.]com/wp-content/themes/customizr/inc/admin/css/msg[.]jpg
  • hxxp[:]//www[.]plasticbottle-factory[.]com/wp-content/themes/baiila/fonts/hp[.]gf
  • hxxp[:]//www[.]scottpatton[.]com/birthday/hp[.]gf
  • hxxp[:]//www[.]scottpatton[.]com/img/common/hp[.]gf
  • hxxp[:]//www[.]sey-org[.]com/wp-content/themes/frindle/templ/msg[.]jpg
  • hxxp[:]//www[.]soundtel[.]com/cgi-bin/msg[.]jpg
  • hxxp[:]//www[.]thecustomboxeshelp[.]com/wp-content/themes/Newspaper/mobile/amp/css/inf[.]inf
  • hxxp[:]//www[.]x-ng[.]de/wp-content/themes/my-vcard-resume/vendors/bootstrap/css/hp[.]gf
  • hxxp[:]//www[.]xfreaks[.]at/templates/reinhard4/css/inf[.]inf
  • hxxp[:]//zipcarbahamas[.]com/wp-admin/css/colors/blue/inf[.]inf
  • hxxp[:]//zzb[.]kz/libraries/cms/captcha/hp[.]gf

Malware Hashes (MD5/SHA1/SHA256)

  • 1fc2e4c5ff5844410fc7b78c6987cddf
  • 44ff529219044aea635985dbb98b63f1
  • c834c0e071ba81c16ec8093233a268c9
  • d4dd2a704dc4058951b330bf9e72df57
  • 7288d113b95d76bdb5e80040fcded9a4
  • 862ced9771f1d1af136e0b00c9a37496
  • 4efaa45b9e7c58ee04eecbf11c430063
  • fc2d1d2825c42a11b56d6e5fd0ef0317
  • 358f9893f047e1e0e7d4eee13bd4a3b6
  • 17c7cda30096c869c95c50852b4043c9
  • d27974f69100fe36c948f25529a72a2d
  • 21d5abb9977d71918ee1de4e83dc8e84
  • 6cc16cb37135f58895345e3f8cbfdd5d
  • 6f3e147fca1f2c8fe6275082d66e2a30
  • 75e0a3f7fa6853b006b7871be3217e21
  • 588c44f7d45328df605aaa90902f51b4
  • 9cbdc4243bf6b775c17ddae33472d7f0
  • 399602c103cf91b3983742ab89a71918
  • e64ffb9762baa56fca2dcf788e671c19
  • d0b32bcb0d2d3c809dd829d0b4f5e36f
  • f0a70786bc46ef829652208789fb71a8
  • a49becf00b4f784713850c36c93743fd
  • 26e56de629257522119b9c0bf303f178
  • efeef329677779bdce968ad62a4744a6
  • 92b5abef090c538d37aaa4d4220d203c
  • f8f2854a70018b6dc26069bfd677ac65
  • 6050d781f8a9138342195c195354f601
  • 013aae78d326cfb1cc3c1baf924368c1
  • adead6c71c051595f60dbd42919cbfa3
  • b891aa5781114582c27baa0c8029777c
  • d7b1976d623015332b2ff468f385ea69
  • e3b60927db92de73e80813fa24a7c61b
  • a645c3785b9f3ece07bd959631f8fdc0
  • 7382581e63ff4fe62477dd915fa33736
  • 5d5d9dba99e609b34ea040ef7003e444
  • 834e658f1c9206f3dcf1076192ba7256
  • 969305f9f01a46e8eee82885d9bde2bd
  • 2d4f8a97b58382be42c61bacd190a577
  • 024b96c94297855f73d34df614a4baa3
  • 5b6401c25c4db9c6552a24bcf72295b8
  • 66527ee46c0939b508607efab87b352d
  • 4d988338e79cb04cdc1358d49dfdd2e9
  • e1910ce7fa51b3d99c1664c632949cdd
  • 80c87c3b7187bf24ad3e3805c9ceccca
  • e8178a58198d491bd2dbcc2c170fd40d
  • 4a9246917961b64d89d52f812647a4c6
  • 46d391cb2a6c43cee82609ee33fb371b
  • 86cc993b9af22ce2624a6a3d7831e422
  • b82b82beb62ac4eb418482d9bcb517c2
  • 08588913138eae6baec523566ae4131e
  • e5dbf26de67c36360904167fc0d014e7
  • bd2504c9adb62cce7cc148f97f5f9201
  • bb39f3c3bafd9fac9c8cc1b8ed2a6e40
  • b6a294ac8421dfc269e9af7428094063
  • eecc3f8b06d10c937ee2bdda9afdfc03
  • 214139f97f853b7febdf030baba6bafd
  • ee65ebbc954c2ad5a09042d138af0679
  • 91ecfc7bef3e8f2851cd0b3a80e767b4
  • 9c216a7d7e50c0576ca4bdc794db37c8
  • 4dc6394261c4404164c1061deef9afb3
  • 821db42aed5076881f1ccf04fb9f3025
  • 65c7547198528217791e1f0de2788e7d
  • 2507d78dec3de7552c582576ba48865d
  • e704da02579efeb63b16181bdec2b77f
  • cb65cf232455da6e55f9d27339caa4b3
  • cb444d53bc22ef7a48f809801bb06ec7
  • d618bf728cecc3d684fc28c23996a95f
  • f97ff2b608b522b1a6769a87c74af6d4
  • 38af0830c3144800359245d53a8854b5
  • 7e921e11caeb6f9594fa286d217af62e
  • e3cce010a6dd36ea82db065ee92f2c2e
  • eb4a56ff586f6c8efe402a1684c79464
  • 4a56b5573673cc7d2cb3161fbfce5c7c
  • 201e80d06b45399649f453017eb5a4e5
  • 84b8bc2fea52b2090f29857f5d7e467e
  • 73dea1a75637e14f6fcd012fe2815636

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download email attachments coming from untrusted sources.
  • Do not click on URLs received in untrusted emails.
  • Scan all files prior to execution.
  • Closely monitor invoice/bill-themed emails (these are also frequently reported in phishing alerts).
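Blocking the threat indicators at their respective controls starts with refanging the defanged URL list above and turning it into something a proxy or SIEM can match on. The following is an added example, not code from the advisory or from Rewterz: it undoes the hxxp / [:] / [.] defanging, builds a hostname block list and an exact (host, path) index from a few of the advisory's own URLs, and runs them over constructed, space-separated proxy log lines whose format is this example's own assumption.

```python
"""Refang defanged URL indicators and match them against proxy logs.
Added example; the log format is a constructed five-field line
(timestamp client method url status), not any vendor's real format."""
import re
from urllib.parse import urlparse

# A few indicators copied from the advisory, in their defanged form.
DEFANGED_IOCS = [
    "hxxp[:]//333media[.]co[.]uk/[.]tmb/inf[.]inf",
    "hxxp[:]//arbanstore[.]com/wp-admin/css/colors/blue/hp[.]gf",
    "hxxp[:]//www[.]krayot[.]ru/includes/hp[.]gf",
]

# Constructed sample log lines: timestamp client method url status.
SAMPLE_LOG = [
    "2019-05-24T10:15:02Z 10.0.0.5 GET http://arbanstore.com/wp-admin/css/colors/blue/hp.gf 200",
    "2019-05-24T10:15:09Z 10.0.0.5 GET http://WWW.krayot.ru/index.html 200",
    "2019-05-24T10:16:30Z 10.0.0.7 GET http://example.com/ 200",
    "this line is malformed and must be skipped",
]

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)


def refang(ioc: str) -> str:
    """Undo the usual defanging: hxxp -> http, [:] -> :, [.] -> ."""
    s = ioc.strip()
    s = re.sub(r"^hxxp(s?)\[?:\]?//", r"http\1://", s, flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("[:]", ":")


def build_index(iocs):
    """Return (hosts, url_keys): a set of lowercase hostnames for a block
    list, and a set of (host, path) tuples for exact URL matching."""
    hosts, url_keys = set(), set()
    for ioc in iocs:
        u = urlparse(refang(ioc))
        host = (u.hostname or "").lower()
        hosts.add(host)
        url_keys.add((host, u.path))
    return hosts, url_keys


def match_logs(lines, iocs):
    """Scan log lines; an exact URL match is reported as 'url', a request
    to an indicator host with a different path as the lower-fidelity 'host'."""
    hosts, url_keys = build_index(iocs)
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:  # malformed input never raises, it is just skipped
            continue
        u = urlparse(m["url"])
        host = (u.hostname or "").lower()
        if (host, u.path) in url_keys:
            hits.append({"client": m["client"], "url": m["url"], "match": "url"})
        elif host in hosts:
            hits.append({"client": m["client"], "url": m["url"], "match": "host"})
    return hits


if __name__ == "__main__":
    print("block list:", sorted(build_index(DEFANGED_IOCS)[0]))
    for hit in match_logs(SAMPLE_LOG, DEFANGED_IOCS):
        print(f"{hit['match']:4} {hit['client']} -> {hit['url']}")
```

Reporting host-only matches separately matters here: many of the advisory's URLs sit under ordinary CMS paths on otherwise unrelated sites, so a request to the same hostname with a different path deserves analyst triage rather than an automatic incident.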