

Analysis on Sidewinder APT Group – COVID-19
June 22, 2020
Rewterz Threat Alert – PowerBrace Malware Targets Financial Organizations
June 23, 2020
Severity
Medium
Analysis Summary
Recently, there has been an increase in malicious e-mails with PDF attachments explaining the benefits of using a “GPI CODE”. These e-mails target banks and the corporate sector (mainly small institutions that are not connected to SWIFT). They usually come from senders who represent small companies and offer an interesting business proposal if the recipient can do business using a “GPI CODE”. To appear legitimate, the e-mails include operating procedures and documentation as attached files. Attached below are the screenshots.


Impact
Unknown
Indicators of Compromise
Filename
- GPI CODE FEATURES updated[.]pdf
MD5
- 4513d091c86a464b4d95c75f874ab561
SHA-256
- cb0165a3bfade6ff0286069ba2100427c76dcdd71c976514f02fb3527e3cda11
SHA1
- 16e619ce78d3ef66ffb26f5cc5b5a0506661b129
Remediation
- Block the threat indicators at respective controls.
- Be vigilant when receiving new business opportunities from unknown sources.