Rewterz Threat Alert – Global Malicious Spam Campaign Using Black Lives Matter as a Lure

Severity

Medium

Analysis Summary

A global malicious spam campaign is targeting users who may be sympathetic to the Black Lives Matter movement, which began in the United States and is now spreading worldwide. With the COVID-19 pandemic ongoing and protests under way in the United States and elsewhere, attackers are exploiting the global news cycle to lure unsuspecting recipients into downloading and opening malicious attachments. The campaign uses a variety of email subject lines, each message carrying a malicious Microsoft Word document, to pressure the recipient into opening the attachment.

Figure 1. Variants of Black Lives Matter Spam and Subject lines

The campaign's primary target is believed to have been the USA, but it has since shifted its focus to other countries as well, since the Black Lives Matter movement has had global impact and people are protesting in support of it in many countries. The campaign has been observed active in Canada, Cyprus and Thailand, among others.

Impact

  • Exposure of sensitive data
  • Information theft

Indicators of Compromise

MD5

  • 87fcb42e736e76fd147bf282f2fc621b

SHA-256

  • af1fd845b7488ce9582409fd9a7a8a8e9fca0c4d366966cd3b8dfdffada99f98
  • 50b3d47d816b27f2e57c6bfc9cec866e0a1dfa64226679b3d434443016d1de0a
  • c9d7bdceddc35b22087fbe25b31226941a85d45ff942cc057de4077131ba2fad
  • 153179d234d351c03908fdf7a8d5ae208d7f3cd033931c633f2f376b1c6c1cbb
  • c269cbffec913fe22458ebaf05a0b70fdd339f39123c9809c4997bb40107a73f
  • 17fff7062c525cc1f0293fc9693982d793f44e483bab57fd2330ca5769cf4bf1
  • 35e1f022861474407246f0c66218a83019381e8745e4c6b294cf150f401c16dc
  • 84e3cfce2b0f54c908eb2e7e0b2732c86d9cddc4a2b1bc59d13d8ffd51f54a53
  • 3c1639044254cf6359062245277f56404d344a21be60f61d0ebd94476140f45f
  • bc0eef72d7b1bf11866e36a9782c353af9fa554278b8a356a7aac825ae752d5d
  • e449fc1ef3c8aa7bb6c3b6c323a9e465f26c05381912f128fde901234c8e5596
  • 024a8f2a3970df1c34f96770122707a6a60c489318355878517c5a0baafc2453
  • 7295626ebb7105fae83c12c0fac28df28f86b534e91f6fb37ea27e75becc8868
  • 67588ae687109031d7d6b428aaa14708110dab5c9f117e3d30d5b0d234cf5dae

SHA1

  • 378be007538fad9640d1724bbce13ccac49d17f

Remediation

  • Block all threat indicators at your respective controls (email gateway, endpoint protection, proxy).
  • Treat emails from unknown senders with suspicion, especially those that reference current news events such as the protests or the pandemic.
  • Do not open attachments or follow links in emails from unknown senders; the lure in this campaign is an attached Microsoft Word document.
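The first remediation item is easier to act on with a concrete matcher. The following Python script is an added example, not Rewterz code: it loads the indicators listed above, validates that each is a well-formed digest before it is trusted in a blocklist, and hashes every file under a directory (for instance a quarantined-attachment folder) against the three indicator sets. Note that the SHA1 value in the advisory is 39 hex characters rather than 40, so it can never match a real SHA-1 digest; the validation step reports that rather than guessing a corrected value. The file paths, the sample file contents and the `demo()` indicator set are constructed for the example.

```python
"""Hash-based IOC matcher for the indicators in this advisory (added example, not Rewterz code)."""
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators copied verbatim from the advisory above.
IOC_MD5 = {"87fcb42e736e76fd147bf282f2fc621b"}
IOC_SHA1 = {"378be007538fad9640d1724bbce13ccac49d17f"}  # 39 hex chars as published
IOC_SHA256 = {
    "af1fd845b7488ce9582409fd9a7a8a8e9fca0c4d366966cd3b8dfdffada99f98",
    "50b3d47d816b27f2e57c6bfc9cec866e0a1dfa64226679b3d434443016d1de0a",
    "c9d7bdceddc35b22087fbe25b31226941a85d45ff942cc057de4077131ba2fad",
    "153179d234d351c03908fdf7a8d5ae208d7f3cd033931c633f2f376b1c6c1cbb",
    "c269cbffec913fe22458ebaf05a0b70fdd339f39123c9809c4997bb40107a73f",
    "17fff7062c525cc1f0293fc9693982d793f44e483bab57fd2330ca5769cf4bf1",
    "35e1f022861474407246f0c66218a83019381e8745e4c6b294cf150f401c16dc",
    "84e3cfce2b0f54c908eb2e7e0b2732c86d9cddc4a2b1bc59d13d8ffd51f54a53",
    "3c1639044254cf6359062245277f56404d344a21be60f61d0ebd94476140f45f",
    "bc0eef72d7b1bf11866e36a9782c353af9fa554278b8a356a7aac825ae752d5d",
    "e449fc1ef3c8aa7bb6c3b6c323a9e465f26c05381912f128fde901234c8e5596",
    "024a8f2a3970df1c34f96770122707a6a60c489318355878517c5a0baafc2453",
    "7295626ebb7105fae83c12c0fac28df28f86b534e91f6fb37ea27e75becc8868",
    "67588ae687109031d7d6b428aaa14708110dab5c9f117e3d30d5b0d234cf5dae",
}

_EXPECTED_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
_HEX = re.compile(r"^[0-9a-f]+$")


def validate_iocs(md5s=IOC_MD5, sha1s=IOC_SHA1, sha256s=IOC_SHA256):
    """Return (algo, value, reason) for each indicator that is not a well-formed digest.

    A malformed indicator never matches anything, so loading it unchecked gives
    false confidence that the campaign is covered.
    """
    problems = []
    for algo, values in (("md5", md5s), ("sha1", sha1s), ("sha256", sha256s)):
        for raw in values:
            value = raw.strip().lower()
            if not _HEX.match(value):
                problems.append((algo, value, "non-hex characters"))
            elif len(value) != _EXPECTED_LEN[algo]:
                problems.append((algo, value,
                                 f"expected {_EXPECTED_LEN[algo]} hex chars, got {len(value)}"))
    return problems


def _digest_chunks(chunks):
    """Feed each chunk to MD5, SHA-1 and SHA-256 in a single pass over the data."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return _digest_chunks([data])


def hash_file(path) -> dict:
    """Hash a file in 1 MiB chunks so large attachments are not read into memory at once."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(1 << 20), b""))


def match_digests(digests, md5s=IOC_MD5, sha1s=IOC_SHA1, sha256s=IOC_SHA256):
    """Return [(algo, digest)] for every indicator set that contains the file's digest."""
    sets = {"md5": md5s, "sha1": sha1s, "sha256": sha256s}
    return [(algo, digests[algo]) for algo in ("md5", "sha1", "sha256")
            if digests[algo] in {v.strip().lower() for v in sets[algo]}]


def match_iocs(data: bytes, **ioc_sets):
    return match_digests(hash_bytes(data), **ioc_sets)


def scan_directory(root, **ioc_sets):
    """Hash every regular file under root; return {path: matches} for files that hit."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            matches = match_digests(hash_file(path), **ioc_sets)
            if matches:
                hits[str(path)] = matches
    return hits


def demo():
    """Constructed scenario: two attachments, one of which is on a constructed SHA-256 blocklist."""
    workdir = Path(tempfile.mkdtemp(prefix="ioc-demo-"))
    (workdir / "benign.docx").write_bytes(b"constructed benign attachment")
    bad = workdir / "lure.docx"
    bad.write_bytes(b"constructed malicious attachment")
    blocklist = {hash_file(bad)["sha256"]}          # constructed indicator, not from the advisory
    return scan_directory(workdir, md5s=IOC_MD5, sha1s=IOC_SHA1, sha256s=blocklist)


if __name__ == "__main__":
    import sys
    for algo, value, reason in validate_iocs():
        print(f"WARNING: malformed {algo} indicator {value}: {reason}")
    hits = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, matches in hits.items():
        print(f"HIT {path}: {matches}")
```

Run it with a directory argument to scan real files against the advisory's indicators; with no argument it runs the constructed demo. Indicators are normalised to lowercase before comparison so that uppercase digests exported from other tools still match.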