
Rewterz Threat Alert – “Twin Flower” Campaign Downloads Files, Steals Data

April 16, 2020

Severity

Medium

Analysis Summary

A malicious campaign called Twin Flower has been found inflating network traffic, downloading files and stealing data. The files are believed to be downloaded unknowingly by users visiting malicious sites, or to be dropped onto the system by other malware. Each file is either a component or the main executable of a music downloader that fetches music files without the user's consent. It drops several files and adds the following processes to the system: The application connects to various URLs to retrieve MP3 file details, download MP3 files and fetch related images, saving them in the user's My Music folder. It also communicates with other potentially malicious URLs beyond those used for the MP3 downloads. The malicious files, Trojan.JS.TWINFLOWER.A and TrojanSpy.JS.TWINFLOWER.A, attempt to connect to URLs associated with generating simulated clicks on certain video websites. This inflates those sites' network traffic, boosting their search engine rankings and their advertising revenue from mainstream video sites. Beyond this, the malicious files could do further damage, since the malware can download code and inject it into the system.

Impact

  • Remote Code Injection
  • Information Theft

Indicators of Compromise

MD5

  • 82c80eb1812e436bfc0e4fa43c70180c
  • a0d47f4259d55c70ec6b45b89d0c9b3b
  • b13fcf559cde3b1a89bc9deb568d020d

SHA-256

  • 076b8a238c17ea3a0259446ff959fffdb9d20d7cda1ffe544e110f15a39ce479
  • 3c4b81990a3be7196a112598247e10d46a4e5abc47dc80ff45f238694ef2cf95
  • ea73dd57209fd6f744f58af02f09cc416b3341c068aed21540e27f9471860626

Remediation

  • Block the threat indicators at their respective controls.
  • Strictly avoid visiting random websites, as malicious sites will download malware onto the device without the user's knowledge.
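The remediation above asks for the indicators to be blocked at the relevant controls. As an added example (not part of the advisory and not a Rewterz tool), the following Python script hashes every file under a directory and reports any whose MD5 or SHA-256 matches the indicators listed in this advisory; the default target of the user's Music folder is an assumption based on the summary's mention of the My Music folder.

```python
import hashlib
from pathlib import Path

# MD5 and SHA-256 indicators published in this advisory for the Twin Flower samples.
TWIN_FLOWER_IOCS = {
    "82c80eb1812e436bfc0e4fa43c70180c",
    "a0d47f4259d55c70ec6b45b89d0c9b3b",
    "b13fcf559cde3b1a89bc9deb568d020d",
    "076b8a238c17ea3a0259446ff959fffdb9d20d7cda1ffe544e110f15a39ce479",
    "3c4b81990a3be7196a112598247e10d46a4e5abc47dc80ff45f238694ef2cf95",
    "ea73dd57209fd6f744f58af02f09cc416b3341c068aed21540e27f9471860626",
}


def file_digests(path: Path, chunk_size: int = 1 << 20) -> dict:
    """Compute MD5 and SHA-256 of one file in a single chunked pass."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def scan_directory(root: Path, iocs=TWIN_FLOWER_IOCS) -> list:
    """Walk root recursively and return (path, algorithm, digest) for every IoC match."""
    iocs = {h.lower() for h in iocs}  # normalise case so upper-case feeds still match
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        try:
            digests = file_digests(path)
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the scan
        for algo, digest in digests.items():
            if digest in iocs:
                hits.append((str(path), algo, digest))
    return hits


if __name__ == "__main__":
    import sys
    # Assumption: the user's Music folder is where the downloader saves MP3 files.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Music"
    for hit in scan_directory(target):
        print("MATCH", *hit)
```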
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.