

Rewterz Threat Alert – SLOTHFULMEDIA RAT Used to Target Organizations in Multiple Countries
October 2, 2020
Rewterz Threat Alert – APT Group Palmerworm Wages Cyber Espionage Campaign
October 2, 2020
Severity
High
Analysis Summary
A new squatting campaign has been detected in which threat actors target the finance and insurance sector. The campaign is global in scope and presumably lures users into giving away their login credentials. It is likely to cause financial damage to any victim whose credentials are successfully stolen.
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
Domain Name
Remediation
- Block the threat indicators at their respective controls.
- Do not click on URLs received in emails. Instead, carefully type a URL when needed.
- Search for existing signs of the indicated IOCs in your environment.
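One way to carry out the search step is sketched below. This is an added example, not part of the original alert: it converts defanged indicators of the `[.]` form into plain hostnames and matches them against DNS query log lines on label boundaries. The indicator values, log format and function names are constructed placeholders.

```python
import re

# Constructed placeholder indicators in defanged form; substitute the ones you are hunting for.
DEFANGED_IOCS = ["login00brand[.]example", "hxxp://verify00brand[.]example/signin"]

# Constructed DNS query log: timestamp, client IP, queried name.
SAMPLE_LOG = """\
2020-10-02T09:14:03Z 10.0.4.17 www.example.org
2020-10-02T09:14:09Z 10.0.4.22 Login00Brand.example.
2020-10-02T09:15:41Z 10.0.7.5 secure.verify00brand.example
2020-10-02T09:16:02Z 10.0.7.9 notverify00brand.example
"""

def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^h(xx|tt)ps?://", "", s)
    return s.split("/")[0].rstrip(".")

def matches(hostname, blocked):
    """True if hostname equals a blocked domain or is a subdomain of one."""
    labels = hostname.lower().rstrip(".").split(".")
    # Compare every suffix on a label boundary, so a longer lookalike
    # such as 'notverify00brand.example' is not reported as a hit.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def hunt(log_text, defanged_iocs):
    """Return (timestamp, client, hostname) for each log line that hits an indicator."""
    blocked = {refang(i) for i in defanged_iocs}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, host = parts
        if matches(host, blocked):
            hits.append((ts, client, host))
    return hits

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG, DEFANGED_IOCS):
        print(*hit)
```

Each hit carries the client address, which identifies the host to review for submitted credentials.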