April 21, 2025

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Medium
Attackers are running themed email campaigns that exploit fear of COVID-19 to lure recipients into opening malicious attachments, and APT27 has launched a campaign of this kind. The first stage is a fake PDF: it carries a PDF icon and its real extension is hidden, but it is not a PDF at all. It is a .lnk file, a Windows shortcut (Shell Link) file. Explorer never displays the .lnk extension, so a name such as report.pdf.lnk is shown as report.pdf regardless of the user's extension settings.

Opened in a hex editor, the .lnk file has two main sections: a header-like part in which the commands to be executed can be read, and a large encoded payload. Stage 1 carves Stage 2 out of its own body by extracting those bytes and base64-decoding them. The result is a Microsoft Cabinet (CAB) archive, and Stage 1 then executes the JavaScript contained in it. That script, 9sOXN6Ltf0afe7.js, instantiates WScript.Shell through an ActiveXObject call in order to run a list of Windows commands. Once deobfuscated and beautified, the command line looks as shown in the figure "9sOXN6Ltf0afe7.js payload beautified" (figure not reproduced here). The attacker creates a folder named cscript.exe, so that it looks like a file and misleads the analyst, and then populates that folder with the files needed to carry the infection chain forward.
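The dropper described above can be triaged without executing it: parse the Shell Link header, read the command-line arguments and icon path the attacker set, and scan the bytes that trail the last structure for a long base64 run that decodes to a CAB (magic `MSCF`). The following script is an added example written for this write-up; it is not code from the report, from Rewterz, or from the APT27 sample. The `.lnk` it builds with `build_sample_lnk()` is constructed test data with a constructed command line and icon path, and the "CAB" it embeds is only the four magic bytes followed by zeros. Field offsets and flag values follow the public MS-SHLLINK specification.

```python
"""Triage helper for .lnk droppers that carry a base64 second stage in their body.

Added example for this write-up, not code from the report or the campaign.
Everything produced by build_sample_lnk() is constructed test data.
"""
import base64
import binascii
import re
import struct
import uuid

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
CAB_MAGIC = b"MSCF"          # first four bytes of every Microsoft Cabinet file
SW_SHOWMINNOACTIVE = 7       # ShowCommand that keeps the console window minimized

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order when their flag is set
STRING_FIELDS = (
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def parse_lnk(data):
    """Walk the Shell Link structures; return the fields plus the trailing overlay."""
    if len(data) < 0x4C:
        raise ValueError("not a Shell Link file")
    header_size, = struct.unpack_from("<I", data, 0)
    if header_size != 0x4C or uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags, = struct.unpack_from("<I", data, 20)
    show_command, = struct.unpack_from("<I", data, 60)
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize + IDList (incl. TerminalID)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize covers the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    info = {"show_command": show_command}
    for flag, name in STRING_FIELDS:         # CountCharacters + characters
        if flags & flag:
            count, = struct.unpack_from("<H", data, pos)
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + count * width]
            pos += count * width
            info[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    while pos + 4 <= len(data):              # ExtraData blocks end with BlockSize < 4
        block_size, = struct.unpack_from("<I", data, pos)
        if block_size < 4:
            pos += 4
            break
        pos += block_size
    info["overlay"] = data[pos:]             # bytes after the last defined structure
    return info


def carve_base64(blob):
    """Decode every long base64 run in blob; return [(offset, kind, decoded_bytes)]."""
    found = []
    for m in BASE64_RUN.finditer(blob):
        text = m.group() + b"=" * (-len(m.group()) % 4)   # tolerate stripped padding
        try:
            decoded = base64.b64decode(text, validate=True)
        except binascii.Error:
            continue
        if decoded.startswith(CAB_MAGIC):
            kind = "cab"
        elif decoded.startswith(b"MZ"):
            kind = "pe"
        else:
            kind = "unknown"
        found.append((m.start(), kind, decoded))
    return found


def is_disguised_shortcut(filename):
    """Flag 'invoice.pdf.lnk'-style names; Explorer never shows the .lnk suffix."""
    lower = filename.lower()
    if not lower.endswith(".lnk"):
        return False
    inner = lower[:-4].rsplit(".", 1)[-1]
    return inner in {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def triage(filename, data):
    """Combine the checks into the facts an analyst wants first."""
    info = parse_lnk(data)
    payloads = carve_base64(info["overlay"])
    return {
        "disguised_name": is_disguised_shortcut(filename),
        "minimized_window": info["show_command"] == SW_SHOWMINNOACTIVE,
        "arguments": info.get("arguments", ""),
        "icon_location": info.get("icon_location", ""),
        "embedded": [(off, kind, len(raw)) for off, kind, raw in payloads],
    }


def build_sample_lnk(arguments, icon, payload):
    """Construct a minimal .lnk (constructed test data) with a base64 payload appended."""
    flags = HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack("<I", 0x4C) + LNK_CLSID.bytes_le + struct.pack("<II", flags, 0)
    header += b"\x00" * 24                                   # three zeroed FILETIMEs
    header += struct.pack("<IIIHHII", 0, 0, SW_SHOWMINNOACTIVE, 0, 0, 0, 0)
    body = b""
    for s in (arguments, icon):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    body += struct.pack("<I", 0)                             # terminal ExtraData block
    return header + body + b"\r\n" + base64.b64encode(payload) + b"\r\n"


if __name__ == "__main__":
    fake_cab = CAB_MAGIC + b"\x00" * 60                      # constructed, not a real archive
    sample = build_sample_lnk(
        '/c "expand stage2.cab -F:* %TEMP% && wscript //e:jscript %TEMP%\\stage2.js"',
        "C:\\Program Files\\Adobe\\Reader\\AcroRd32.exe",   # constructed icon path
        fake_cab)
    print(triage("covid_update.pdf.lnk", sample))
```

Run it on a real suspect shortcut with `triage(name, open(path, "rb").read())`. The overlay scan is deliberately independent of how the stage-1 command extracts the blob, so it also catches variants that change the extraction one-liner but keep the base64-in-the-body layout; a `ShowCommand` of 7 together with a disguised name and an embedded CAB or PE is a strong enough combination to quarantine on.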
Indicators of compromise: Hostname, MD5, SHA-256, URL (values not included on this page)