Rewterz

Rewterz Threat Advisory – CVE-2020-0674 – Unpatched Internet Explorer Browser Zero-Day

January 20, 2020
Rewterz

Rewterz Threat Advisory – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

January 20, 2020

Rewterz Threat Alert – Emotet is Back from Holiday

Severity

High

Analysis Summary

Emotet is back from holiday after 3 weeks break and currently targeting 81 countries with spam emails with heavily targeting US and it’s neighboring countries. Threat actors using different email templates to lure users to click on the malicious links which includes subjects like invoices, reports, invite to holiday or even great thunberg climate change support requests.By clicking the malicious links will install emotet trojan.

final-report-spam.jpg
Proof of delivery spam

Every spam email campaign when clicked will be delivered a message will be presented with a message stating that this “document only available for desktop or laptop versions of Microsoft Office Word.” It then prompts the user to click on ‘Enable editing’ or ‘Enable Content’ to view the document.

Malicious Word doc

When a user opens the document, malicious macros will be executed that download the Emotet trojan from a remote server and executes it.

Impact

Exposure of sensitive information

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.