
Rewterz Threat Alert – Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers

April 30, 2019

Severity

Medium

Analysis Summary


A new technical support scam (TSS) campaign has surfaced that uses an iframe in combination with an HTTP basic-authentication pop-up to freeze the user's browser. The technique also helps the threat actors evade detection. Like other TSS campaigns that pose as the service provider of a legitimate or well-known brand, this campaign impersonates Microsoft to lure victims and establish a false sense of legitimacy. Below is a preview of the authentication pop-up on the spoofed Microsoft webpage.

[Image: basic-authentication pop-up displayed on the spoofed Microsoft webpage]

Indicators of Compromise

URLs

  • hxxp[:]//140[.]82[.]36[.]155/assests/eng_edge_new[.]html
  • hxxp[:]//140[.]82[.]38[.]211/assests/eng_edge_new[.]html
  • hxxp[:]//140[.]82[.]42[.]6/assests/eng_edge_new[.]html
  • hxxp[:]//140[.]82[.]46[.]46/assests/eng_edge_new[.]html
  • hxxp[:]//140[.]82[.]9[.]45/assests/eng_edge_new[.]html
  • hxxp[:]//149[.]28[.]36[.]182/assests/eng_edge_new[.]html
  • hxxp[:]//149[.]28[.]45[.]200/assests/eng_edge_new[.]html
  • hxxp[:]//149[.]28[.]56[.]4/assests/eng_edge_new[.]html
  • hxxp[:]//18[.]206[.]159[.]176/assests/eng_edge_new[.]html
  • hxxp[:]//199[.]247[.]3[.]159/assests/eng_edge_new[.]html
  • hxxp[:]//207[.]246[.]127[.]175/assests/eng_edge_new[.]html
  • hxxp[:]//216[.]155[.]135[.]180/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]32[.]156[.]135/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]32[.]205[.]54/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]76[.]166[.]173/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]76[.]166[.]231/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]76[.]2[.]215/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]76[.]4[.]128/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]76[.]6[.]92/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]77[.]109[.]221/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]77[.]149[.]225/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]77[.]154[.]214/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]77[.]218[.]239/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]77[.]64[.]207/assests/eng_edge_new[.]html
  • hxxp[:]//45[.]77[.]67[.]129/assests/eng_edge_new[.]html
  • hxxp[:]//80[.]240[.]16[.]81/assests/eng_edge_new[.]html
  • hxxp[:]//80[.]240[.]19[.]216/assests/eng_edge_new[.]html
  • hxxp[:]//95[.]179[.]167[.]173/assests/eng_edge_new[.]html
  • hxxp[:]//95[.]179[.]168[.]138/assests/eng_edge_new[.]html

Remediation

  • Block the threat indicators at their respective controls (web proxy, URL filtering, DNS and perimeter firewall).
  • Do not respond to pop-ups that raise panic or alarm. Instead, contact a legitimate source to confirm the security status of your computer.
  • Always check URLs for errors or spelling mistakes to confirm their legitimacy; every indicator above, for example, uses a misspelled "assests" directory.
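The indicators above are defanged (hxxp[:]// and [.]), so they cannot be pasted straight into a proxy search or blocklist. The following script is an added example, not part of the Rewterz advisory: it refangs a subset of the published URLs, derives a host blocklist from them, and hunts for matches in proxy logs. Because all of the advisory's URLs share the same path, it also flags unlisted hosts serving that path. The log format is a constructed, simplified proxy line (timestamp, client, method, URL, status) and the sample lines are made up for illustration; adapt the regex to your own proxy's format.

```python
"""Refang defanged URL indicators and hunt for them in proxy logs.

Added example, not code from the Rewterz advisory. Assumes the advisory's
"hxxp[:]//1[.]2[.]3[.]4/path" defanging convention and a constructed
proxy log format: "<timestamp> <client_ip> <method> <url> <status>".
"""
import re
from urllib.parse import urlsplit

# A subset of the advisory's indicators, exactly as published (defanged).
DEFANGED_IOCS = [
    "hxxp[:]//140[.]82[.]36[.]155/assests/eng_edge_new[.]html",
    "hxxp[:]//149[.]28[.]36[.]182/assests/eng_edge_new[.]html",
    "hxxp[:]//45[.]77[.]64[.]207/assests/eng_edge_new[.]html",
]


def refang(ioc: str) -> str:
    """Undo common defanging so the indicator compares with real log data.

    "hxxp" -> "http" (also covers "hxxps" -> "https"), "[:]" -> ":", "[.]" -> ".".
    """
    s = ioc.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.replace("[:]", ":").replace("[.]", ".")


IOC_URLS = {refang(i) for i in DEFANGED_IOCS}
IOC_HOSTS = {urlsplit(u).hostname for u in IOC_URLS}
# Every published URL uses the same (misspelled) path; matching on the path
# catches hosts the advisory does not list.
IOC_PATHS = {urlsplit(u).path for u in IOC_URLS}


def host_blocklist() -> list:
    """Sorted list of hosts to feed into a proxy or firewall deny list."""
    return sorted(IOC_HOSTS)


# Constructed proxy log format: timestamp client method url status
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)"
)


def classify(line: str):
    """Return a hit dict for a log line that matches an indicator, else None.

    Match strength, strongest first: exact URL, known host, shared path.
    """
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = m.group("url")
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path
    if url in IOC_URLS:
        kind = "exact"
    elif host in IOC_HOSTS:
        kind = "host"
    elif path in IOC_PATHS:
        kind = "path"
    else:
        return None
    return {"match": kind, "client": m.group("client"), "host": host, "path": path}


def hunt(lines) -> list:
    """Run classify() over an iterable of log lines and collect the hits."""
    return [hit for hit in (classify(ln) for ln in lines) if hit]


# Constructed sample telemetry for illustration only (not real logs).
SAMPLE_LOG = [
    "2019-04-30T10:15:02Z 10.1.2.3 GET http://45.77.64.207/assests/eng_edge_new.html 200",
    "2019-04-30T10:15:03Z 10.1.2.3 GET http://45.77.64.207/assests/style.css 200",
    "2019-04-30T10:16:40Z 10.1.2.9 GET http://203.0.113.7/assests/eng_edge_new.html 200",
    "2019-04-30T10:17:00Z 10.1.2.4 GET https://www.microsoft.com/en-us/ 200",
]

if __name__ == "__main__":
    print("blocklist:", host_blocklist())
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

The path-based match is the one worth keeping after the listed IPs go stale: a "path" hit on an unlisted host is a candidate for escalation and for adding to the blocklist, while "exact" and "host" hits indicate a client that reached known infrastructure and should be checked for a follow-up call to the scam operators.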
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.