Rewterz Threat Alert – Indicators of Compomise for Trickbot Qakbot Emotet - Rewterz

Rewterz Threat Alert – Cobalt Group Activity Discovered

Rewterz Threat Alert – American Express Themed Phishing Campaigns

Rewterz Threat Alert – Indicators of Compomise for Trickbot Qakbot Emotet

Severity: Medium

Analysis Summary

Following are the threat indicators that are being sent to users through different phishing campaigns and dropping malicious url’s.

Impact

Trickbot
Qakbot
Emotet

Indicators of Compromise

URLs

piano[.]donjuanbands[.]com
coo11felicitaa[.]com
desaercsed[.]fun
ssenis[.]fun
prorogues[.]pw
decretery[.]host
ygrenevresed[.]fun
store[.]ku4sd[.]com
microsofi[.]org
mci[.]a7c7ac3[.]info
config[.]mars[.]baofeng[.]net
gl[.]immereeako[.]info
mmgstjenifer[.]company
soft[.]doyo[.]cn
stronour[.]host

Email Subject

WE DISC0NNECT Y0U

Notice concerning your Account

Remediation

Block threat indicators at your respective controls.
Always be suspicious of the emails sent by the users that are not known.
Never click on the links/attachments sent by the users that are unknown.