Rewterz

Rewterz Threat Advisory – CVE-2019-0251/ CVE-2019-0259 – SAP BusinessObjects BI Multiple Vulnerabilities

February 21, 2019
Rewterz

Rewterz Threat Alert – Multiple Phishing Campaigns – IoCs

February 22, 2019

Rewterz Threat Alert – Fraudulent Phishing Emails – IoCs

Severity

Medium

Analysis Summary

Another MalSpam campaign has been observed containing malicious file attachments, which also have malicious URLs embedded in them. Following IoCs have been retrieved from this phishing campaign.

Impact

  • Loss of sensitive information
  • Credential theft
  • Malware infection

Indicators of Compromise

URLs

  • googlex.alibobomoneyman[.]xyz
  • hxxps://www.dropbox[.]com/s/yk7m01jp5xq67bz/confirm_invoice.zip?dl=1 voicewaves[.]com/abnow/usa/myway/index2.php.
  • voicewaves[.]com/abnow/
  • voicewaves[.]com/verifyab/
  • voicemail-listen[.]com

Email Address

  • linda[@]alliedmortgage[.]com
  • ap[@]voicemail-listen[.]com

Malware Hash (MD5/SHA1/SH256)

cfd7c140e37c9a6ff608205f087b8325

37210ce95cd3faa0a757d67f06d8e4af

Remediation

Block the threat indicators at their respective controls.

Do not download email attachments and do not click on links attached in emails from unknown sources.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.