
Rewterz Threat Alert – TA505 Impersonates Airlines

July 26, 2019

Severity

Medium

Analysis Summary

Threat actor TA505 is impersonating airlines, sending emails disguised as domestic e-ticket certificates since the morning of July 25, ahead of the summer vacation season.


The email subject is '** Airline e-Ticket Certificate' (airline name redacted), and the body is written in fluent Korean that urges the recipient to open the attached file.

The attachment is a compressed file containing a disk image named 'e-ticket (random number).iso'. When the image is opened, it delivers either a screen-saver executable disguised as a PDF through its icon and double extension, 'e-ticket certificate_66016630.pdf.scr', or a Windows shortcut file, 'L207123.lnk'.

The 'e-ticket certificate_66016630.pdf.scr' file is .NET-based malware that contacts a C2 server to download additional payloads.


Impact

  • System Access
  • Exposure of sensitive information

Indicators of Compromise

Malware Hash (MD5)

  • 0571bb4ecf3dbf5d5185eabd7d03d455
  • 1d87a127b31c8a67f6902bdc6366374b
  • 22e41b97813c028fd7c4ae6d32572534
  • 279215fc358060825372c2de68dd5c4f
  • 3f45a8fbec15305de1d4a296006c5b01
  • 44215ae4681773954b404ddfae416248
  • 4d0511050aa5e48d3cac0e697e168fb3
  • 57484338303a48dffadf466f74db4bab
  • 5f6c61cccf8cb547a3979e1d49a7ef81
  • 62b1ad72a7cb1699cebe7b71518f65be
  • 7928e36c8a45f98d5adf2016740b77eb
  • 91bce06fe0ee40afb9ba7ea12ae00a77
  • ad78c04d0e7990d32d09becb82426d37
  • c3e961ad583d9c4bd3892456eb6516d5
  • c43496f70be5263a4bab6c853e610951
  • c9ce180f2fa6097798224c7cc3abdfaf
  • cf07da2872c29a4682380a66080fcd61
  • d6438345c12dd000ff2d55a7a3b8ccb6
  • deb3a3d09a656ac14eb83574d2fcd2b3
  • f834018fee0597d8be54b7174bc5048d

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails from unknown senders.
  • Never click links or open attachments sent by unknown senders.
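The delivery chain above (a ticket-themed .iso attachment carrying a .pdf.scr or .lnk) and the MD5 list are both things a mail gateway can check before a user ever sees the lure. The following triage script is an added example, not Rewterz's or the threat actor's code: the extension classes, the lure-name pattern and the sample mail manifest are constructed assumptions for illustration; the MD5 set is the advisory's IOC list.

```python
"""Mail-attachment triage for the TA505 e-ticket lure (added example).

The attachment manifest and file bytes are constructed samples; the
MD5 set is copied from the advisory's IOC list.
"""
import hashlib
import re

# MD5 indicators published in the advisory.
TA505_MD5_IOCS = frozenset({
    "0571bb4ecf3dbf5d5185eabd7d03d455", "1d87a127b31c8a67f6902bdc6366374b",
    "22e41b97813c028fd7c4ae6d32572534", "279215fc358060825372c2de68dd5c4f",
    "3f45a8fbec15305de1d4a296006c5b01", "44215ae4681773954b404ddfae416248",
    "4d0511050aa5e48d3cac0e697e168fb3", "57484338303a48dffadf466f74db4bab",
    "5f6c61cccf8cb547a3979e1d49a7ef81", "62b1ad72a7cb1699cebe7b71518f65be",
    "7928e36c8a45f98d5adf2016740b77eb", "91bce06fe0ee40afb9ba7ea12ae00a77",
    "ad78c04d0e7990d32d09becb82426d37", "c3e961ad583d9c4bd3892456eb6516d5",
    "c43496f70be5263a4bab6c853e610951", "c9ce180f2fa6097798224c7cc3abdfaf",
    "cf07da2872c29a4682380a66080fcd61", "d6438345c12dd000ff2d55a7a3b8ccb6",
    "deb3a3d09a656ac14eb83574d2fcd2b3", "f834018fee0597d8be54b7174bc5048d",
})

# Assumed extension classes (an analyst's policy, not from the advisory).
DISK_IMAGE_EXTS = {"iso", "img"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXECUTABLE_EXTS = {"scr", "exe", "lnk", "js", "vbs", "hta", "cmd", "bat", "ps1", "dll"}

# Assumed lure pattern, matching names such as "e-ticket (12345).iso".
LURE_NAME_RE = re.compile(r"\be-?ticket\b", re.IGNORECASE)


def extensions(name):
    """Lower-cased extension chain: 'a.pdf.scr' -> ['pdf', 'scr'], 'a' -> []."""
    parts = name.lower().strip().split(".")
    return parts[1:] if len(parts) > 1 else []


def has_deceptive_double_extension(name):
    """True for 'document.pdf.scr'-style names: a document suffix hiding an executable one."""
    ext = extensions(name)
    return len(ext) >= 2 and ext[-2] in DOCUMENT_EXTS and ext[-1] in EXECUTABLE_EXTS


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def hash_matches_ioc(data, iocs=TA505_MD5_IOCS):
    """True when the file's MD5 is in the indicator set."""
    return md5_hex(data) in iocs


def triage_attachment(container_name, inner_name, inner_bytes):
    """Classify one file found inside a mail attachment.

    Returns (verdict, reasons) where verdict is 'block', 'review' or 'allow'.
    Hash match, double extension and executable-in-disk-image are hard
    indicators (block); a lure-themed name alone only earns a review.
    """
    hard, soft = [], []
    outer_ext = extensions(container_name)[-1:]
    inner_ext = extensions(inner_name)[-1:]

    if hash_matches_ioc(inner_bytes):
        hard.append("md5 matches advisory IOC")
    if has_deceptive_double_extension(inner_name):
        hard.append("document-looking name with executable extension")
    if outer_ext and outer_ext[0] in DISK_IMAGE_EXTS and inner_ext and inner_ext[0] in EXECUTABLE_EXTS:
        hard.append("executable delivered inside a disk image")
    if LURE_NAME_RE.search(container_name) or LURE_NAME_RE.search(inner_name):
        soft.append("ticket-themed lure filename")

    if hard:
        return "block", hard + soft
    if soft:
        return "review", soft
    return "allow", []


def triage_mail(manifest):
    """Run triage over (container, inner_name, inner_bytes) tuples."""
    return [(inner, *triage_attachment(outer, inner, data)) for outer, inner, data in manifest]


# Constructed manifest mirroring the lure described in the advisory.
CONSTRUCTED_MAIL = [
    ("e-ticket (66016630).iso", "e-ticket certificate_66016630.pdf.scr", b"MZ\x90\x00" + b"\x00" * 60),
    ("e-ticket (66016630).iso", "L207123.lnk", b"L\x00\x00\x00\x01\x14\x02\x00"),
    ("itinerary.zip", "itinerary.pdf", b"%PDF-1.4\n%%EOF\n"),
]

if __name__ == "__main__":
    for name, verdict, reasons in triage_mail(CONSTRUCTED_MAIL):
        print(f"{verdict:6} {name}: {'; '.join(reasons) or 'no findings'}")
```

The hash check is the narrowest control (any recompilation defeats it), so the structural checks carry the weight: a document extension immediately followed by an executable one, or any executable inside a disk image, is almost never legitimate in inbound mail. Adjust the extension sets to your environment before deploying.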