Rewterz

Rewterz Threat Alert – Three Phishing Campaigns Dropping the Emotet Malware – IoCs

March 8, 2019
Rewterz

Rewterz Threat Alert – Chase Themed Phishing Campaign

March 8, 2019

Rewterz Threat Alert – Shipping Themed Malspam – IoCs

Severity

Medium

Analysis Summary

Shipping themed Malspam campaign has been observed, dropping malicious files. Threat Indicators are given below.

Indicators of Compromise

IP(s) / Hostname(s) 5.62.58[.]215
105.112.98[.]11
91.192.100[.]54
URLs divinevilla.hopto[.]org
Filename opr
sadesfc[.]lzh
Email Address tmalone[@]americanbuildsupply[.]com
melissa.wooling[@]fairwayfreight[.]com
compras[@]globalpremiumbrands[.]com
Malware Hash (MD5/SHA1/SH256) 9dec9ead4a957458af86db6ca89ddeec
75efc609d8d8b54fef19782e0bc68270

Remediation

Block the threat indicators at their respective controls.

Do not follow links or download files attached in unexpected emails.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.