
Rewterz Threat Alert – Trickbot Launches Personalized Spear Phishing Attacks

November 8, 2019

Severity

High

Analysis Summary

Trickbot operators are running personalized, targeted spear phishing campaigns to lure victims into downloading Trickbot. The lure pairs the recipient's name (or organization name) with a provocative subject line designed to force a reaction. The operators used OSINT (open-source intelligence) data (full name, employer, phone number, job title) to target professionals at medium-to-large enterprises. The email content is reproduced below.

Dear *Name_of_Victim*,

Private and Confidential
One of your workmates at Victim’s Workplace has lodged a complaint with the Palos Hills division of the Equal Employment Opportunity Commission that you manifested behavior considered as sexual harassment.

Seeing one’s own name and organization in an email doubles the likelihood that a victim clicks the malicious link or opens the attachment carried by these malspam messages.

Impact

  • Information Disclosure
  • Credential Theft
  • Website Takeover
  • Financial Loss

Indicators of Compromise

Domain Name

ftpthedocgrp[.]com

Email Subject

Attn: Name_of_Victim – A grievance raised against you.

Filename

Name_of_Victim – Harassment complaint letter (phone 111-222-3333).doc

MD5

  • 71c459ea520c0e55fa144cd5a16a566b
  • 52d3428965a5f9001754a30fa6ea163d
  • 3afbe45c12cbd6e856a1cb23a1ca29ec
  • 363ddb3b8f096161f9162e14b9b97348
  • 10f3c410a07ff5b8ad5fcb6e2c12f675
  • 03e359ba82bcf4dbc2e40fcb78bade7a
  • f524e3256e6ea4fb7c11e5ce6672c0de

SHA256

  • 5b08241e83eb4b0188b3052a107bd796b3c32b84b882e23715f4d12ce318368c
  • ddae2b31b8bd170957dd5efc46bd5e9414181277fde2c95c8e792ee762433ebd
  • fb3909076f570782604a67a57f7b50b3a3fde18274a0d59557dded3da6f40dc5
  • 6af150fdbc685171ad222648a6011fa77084b4f26c1c85106f896b98efa24043
  • 6b2ddd65039d42efb0110b8f198d01f0d5abf67cf43b17021486d87396136c32
  • 4533f6a69614dcbb8c1ea9aa48dec41dd935df14d468603bac44c8978f0f91b7
  • 5f24c41aa68951f744c9204344d2cae0f276e57ddd91442e02d1911d7c16d138

Source IP

  • 108.167.140[.]193
  • 195.133.145[.]141

URL

hxxp[:]//ftpthedocgrp[.]com/backup[.]msi%20/q

Remediation

  • Block the indicators above at the respective controls (DNS/proxy for the domain and URL, firewall for the IPs, email and endpoint security for the file hashes and the attachment name pattern).
  • Minimize the personally identifiable information about staff (names, titles, phone numbers) that is available online, since it is what makes these lures convincing.
  • Do not respond to, open attachments from, or follow links in emails sent from untrusted addresses.
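The indicators above are published defanged (hxxp, [.], [:]), so they have to be refanged before they can be loaded into a control or run over logs. The script below is an added example written for this page, not code from the Rewterz alert: it refangs the published IoCs, adds two patterns for the fixed parts of the lure's subject line and attachment name (the victim name and phone number vary per target, so only the constant wording is matched), and scans a handful of constructed proxy, mail-gateway and EDR log lines. The log lines, host names and addresses in SAMPLE_LOGS are constructed for illustration; the assumption that the trailing "%20/q" on the published URL is not part of the download path is flagged in a comment.

```python
"""
Refang the defanged IoCs from this alert and run them, together with patterns
for the lure's subject line and attachment name, over sample log lines.

Added example, not code from the Rewterz alert. The log lines are constructed
for illustration; only the indicator values and lure wording come from the alert.
"""
import re
from typing import Dict, List, Tuple

# Indicators exactly as published in the alert (defanged on purpose).
DEFANGED: Dict[str, List[str]] = {
    "domain": ["ftpthedocgrp[.]com"],
    "ip": ["108.167.140[.]193", "195.133.145[.]141"],
    "url": ["hxxp[:]//ftpthedocgrp[.]com/backup[.]msi%20/q"],
    "md5": [
        "71c459ea520c0e55fa144cd5a16a566b", "52d3428965a5f9001754a30fa6ea163d",
        "3afbe45c12cbd6e856a1cb23a1ca29ec", "363ddb3b8f096161f9162e14b9b97348",
        "10f3c410a07ff5b8ad5fcb6e2c12f675", "03e359ba82bcf4dbc2e40fcb78bade7a",
        "f524e3256e6ea4fb7c11e5ce6672c0de",
    ],
    "sha256": [
        "5b08241e83eb4b0188b3052a107bd796b3c32b84b882e23715f4d12ce318368c",
        "ddae2b31b8bd170957dd5efc46bd5e9414181277fde2c95c8e792ee762433ebd",
        "fb3909076f570782604a67a57f7b50b3a3fde18274a0d59557dded3da6f40dc5",
        "6af150fdbc685171ad222648a6011fa77084b4f26c1c85106f896b98efa24043",
        "6b2ddd65039d42efb0110b8f198d01f0d5abf67cf43b17021486d87396136c32",
        "4533f6a69614dcbb8c1ea9aa48dec41dd935df14d468603bac44c8978f0f91b7",
        "5f24c41aa68951f744c9204344d2cae0f276e57ddd91442e02d1911d7c16d138",
    ],
}

# Lure wording from the alert. Victim name and phone number vary per target, so
# only the fixed parts are matched; an en dash or a plain hyphen is accepted.
SUBJECT_RE = re.compile(r"Attn: .+? [–-] A grievance raised against you", re.I)
FILENAME_RE = re.compile(r".+? [–-] Harassment complaint letter \(phone [\d-]+\)\.doc", re.I)


def refang(ioc: str) -> str:
    """Undo the defanging used in the alert: hxxp -> http, [.] -> ., [:] -> :."""
    return ioc.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def build_indicators() -> Dict[str, List[str]]:
    """Refanged, lower-cased indicators ready for a block list or a log scan."""
    out = {kind: [refang(v).lower() for v in vals] for kind, vals in DEFANGED.items()}
    # Assumption (not stated in the alert): the trailing "%20/q" is not part of
    # the download path, so the URL is matched only up to the file name.
    out["url"] = [u.split("%20")[0] for u in out["url"]]
    return out


def match_line(line: str, ind: Dict[str, List[str]]) -> List[str]:
    """Return every indicator or lure pattern that appears in one log line."""
    hits: List[str] = []
    low = line.lower()
    for kind in ("url", "domain", "ip", "md5", "sha256"):
        hits.extend(f"{kind}:{v}" for v in ind[kind] if v in low)
    if SUBJECT_RE.search(line):
        hits.append("lure:subject")
    if FILENAME_RE.search(line):
        hits.append("lure:attachment")
    return hits


def scan(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Scan log lines; return (line number, hits) for every line that matched."""
    ind = build_indicators()
    results: List[Tuple[int, List[str]]] = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line, ind)
        if hits:
            results.append((n, hits))
    return results


# Constructed sample logs (proxy, mail gateway, EDR); not from the alert.
SAMPLE_LOGS = [
    'proxy 2019-11-08T09:12:01Z src=10.0.5.23 dst=108.167.140.193 url="http://ftpthedocgrp.com/backup.msi" ua="Windows Installer"',
    'mail 2019-11-08T09:10:44Z to=jane.doe@example.org subject="Attn: Jane Doe – A grievance raised against you." attach="Jane Doe – Harassment complaint letter (phone 555-010-0199).doc"',
    'edr 2019-11-08T09:11:30Z host=WS-0412 file=letter.doc sha256=5b08241e83eb4b0188b3052a107bd796b3c32b84b882e23715f4d12ce318368c',
    'proxy 2019-11-08T09:15:00Z src=10.0.5.40 dst=203.0.113.9 url="https://example.com/index.html"',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOGS):
        print(f"line {n}: {', '.join(hits)}")
```

Run against the constructed logs, the proxy request to the download host fires on the URL, domain and IP at once, the mail line fires only on the two lure patterns, and the EDR line fires on the SHA256. The lure patterns are worth keeping even after the domain and hashes rotate, since the wording is what the campaign reuses across targets.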