May 8, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Cobalt Group Activity Discovered
March 4, 2019Rewterz Threat Alert – American Express Themed Phishing Campaigns
March 5, 2019Rewterz Threat Alert – Cobalt Group Activity Discovered
March 4, 2019Rewterz Threat Alert – American Express Themed Phishing Campaigns
March 5, 2019
Severity: Medium
Analysis Summary
Following are the threat indicators that are being sent to users through different phishing campaigns and dropping malicious url’s.
Impact
- Trickbot
- Qakbot
- Emotet
Indicators of Compromise
URLs
- piano[.]donjuanbands[.]com
- coo11felicitaa[.]com
- desaercsed[.]fun
- ssenis[.]fun
- prorogues[.]pw
- decretery[.]host
- ygrenevresed[.]fun
- store[.]ku4sd[.]com
- microsofi[.]org
- mci[.]a7c7ac3[.]info
- config[.]mars[.]baofeng[.]net
- gl[.]immereeako[.]info
- mmgstjenifer[.]company
- soft[.]doyo[.]cn
- stronour[.]host
Email Subject
WE DISC0NNECT Y0U
Notice concerning your Account
Remediation
- Block threat indicators at your respective controls.
- Always be suspicious of the emails sent by the users that are not known.
- Never click on the links/attachments sent by the users that are unknown.
