

Rewterz Threat Alert – Cardinal Data-Themed Domain Observed Delivering AdWare
April 1, 2019
Rewterz Threat Advisory – Microsoft Internet Explorer Security Bypass Vulnerability
April 2, 2019
Analysis Summary
Various threat indicators have been observed in phishing campaigns that deliver malicious URLs. Threat indicators are provided.
Impact
- Andromeda/Gamarue
- Banking Trojan
- Emotet
- Infostealer
- NanoCore
- Nemucod
- Occamy
- Qakbot
- RAT
- Trickbot
- Ursnif
- Worm
- ZeroAccess
Indicators of Compromise
IP(s)/Hostname(s)
URLs
Remediation
- Block the threat indicators at their respective controls
- Always be wary of suspicious emails sent by unknown senders
- Never click on links or open attachments sent by unknown senders