
Rewterz Threat Alert – ProtonVPN Scam Campaign – Active IOCs

Severity

High

Analysis Summary

ProtonVPN is the latest vendor in a list of cybersecurity software providers whose names have been abused by threat actors to spread malware. There is an ongoing campaign that tricks customers into visiting a cloned ProtonVPN site and downloading a fake installer in place of the legitimate software.

Impact

  • Credential Theft
  • Data Encryption
  • Unauthorized Access

Indicators of Compromise

IP

  • 68[.]183[.]222[.]4

MD5

  • b2cdc95b3cf3086d6ddb44661c3a82fe
  • 73c28c781d7305acdff908fad795f7b8

SHA-256

  • 45db8949527cc2cc123a09dc475099f5be409e95add854b0c9b166e1249b3371
  • 58451e8b528cc0b052070d2b0837a3d9fb80892517ba94f5196b2d63e63f1d52

SHA-1

  • f013f1029071dac5b250c15b5afec3346df84310
  • f4e9bf4e8aa94b11d8d1a9c0e6455b2e2134c93c

URL

  • http[:]//68[.]183[.]222[.]4
  • http[:]//freeprotonvpn[.]com

Remediation

  • Block all threat indicators at their respective controls.
  • Search for IOCs in your environment.
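One way to carry out the "search for IOCs" step: the script below refangs the indicators listed in this alert, compiles an anchored pattern for each (so a hash or IP does not match inside a longer hash or IP), and runs them over telemetry lines. It also derives the hostname from each URL indicator so DNS logs match, and defangs indicators again when rendering the report. This is an added example, not code from Rewterz; the log lines, client IPs and the non-matching hash are constructed for illustration, and only the indicator values come from the alert.

```python
"""Search constructed telemetry for the indicators published in this alert.

Added example, not part of the Rewterz advisory. The telemetry lines are
constructed; only the indicator values are taken from the alert above.
"""
import re
from urllib.parse import urlparse

# Indicators exactly as listed in the alert (defanged with [.] and [:]).
ALERT_IOCS = {
    "ip": ["68[.]183[.]222[.]4"],
    "md5": ["b2cdc95b3cf3086d6ddb44661c3a82fe",
            "73c28c781d7305acdff908fad795f7b8"],
    "sha256": ["45db8949527cc2cc123a09dc475099f5be409e95add854b0c9b166e1249b3371",
               "58451e8b528cc0b052070d2b0837a3d9fb80892517ba94f5196b2d63e63f1d52"],
    "sha1": ["f013f1029071dac5b250c15b5afec3346df84310",
             "f4e9bf4e8aa94b11d8d1a9c0e6455b2e2134c93c"],
    "url": ["http[:]//68[.]183[.]222[.]4", "http[:]//freeprotonvpn[.]com"],
}


def refang(value):
    """Restore a defanged indicator to its literal form so it can be matched."""
    return value.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def defang(value):
    """Defang a literal indicator again before it is written to a report."""
    return (value.replace("http:", "http[:]")
                 .replace("https:", "https[:]")
                 .replace(".", "[.]"))


def compile_patterns(iocs):
    """Build one anchored regex per indicator; returns (kind, literal, regex) tuples.

    Hostnames are derived from the URL indicators so DNS logs can match,
    unless the host is already covered by an IP indicator.
    """
    patterns = []
    ips = {refang(v) for v in iocs.get("ip", [])}
    for kind, values in iocs.items():
        for value in values:
            literal = refang(value).lower()
            if kind in ("md5", "sha1", "sha256"):
                # Must not match inside a longer hex string.
                rx = r"(?<![0-9a-f])" + re.escape(literal) + r"(?![0-9a-f])"
            elif kind == "ip":
                # Must not match 68.183.222.4 inside 68.183.222.45 etc.
                rx = r"(?<![\d.])" + re.escape(literal) + r"(?![\d.])"
            elif kind == "url":
                # A URL indicator matches itself and any path beneath it.
                rx = re.escape(literal) + r"(?=[/?#\s\"']|$)"
                host = urlparse(literal).hostname
                if host and host not in ips:
                    host_rx = r"(?<![\w.-])" + re.escape(host) + r"(?![\w-])"
                    patterns.append(("domain", host, re.compile(host_rx)))
            else:
                rx = r"(?<!\w)" + re.escape(literal) + r"(?!\w)"
            patterns.append((kind, literal, re.compile(rx)))
    return patterns


# Constructed sample telemetry: DNS, proxy and EDR lines. Line 3 is benign
# traffic to the real vendor site; line 5 carries the SHA-256 of an empty file.
SAMPLE_TELEMETRY = [
    '2021-08-16T09:11:30Z dns client=10.0.5.17 query=freeprotonvpn.com type=A',
    '2021-08-16T09:12:01Z proxy src=10.0.5.17 dst=68.183.222.4 '
    'url="http://68.183.222.4/ProtonVPN_setup.exe" action=ALLOW',
    '2021-08-16T09:12:44Z proxy src=10.0.5.21 dst=192.0.2.10 '
    'url="https://protonvpn.com/download" action=ALLOW',
    '2021-08-16T09:15:10Z edr host=WS-0117 file=C:\\Users\\a\\Downloads\\setup.exe '
    'sha256=45db8949527cc2cc123a09dc475099f5be409e95add854b0c9b166e1249b3371',
    '2021-08-16T09:16:02Z edr host=WS-0203 file=C:\\Users\\b\\Downloads\\setup.exe '
    'sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
]


def scan(lines, patterns):
    """Return (line_number, kind, indicator) for every indicator found per line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        lowered = line.lower()
        for kind, literal, rx in patterns:
            if rx.search(lowered):
                hits.append((number, kind, literal))
    return hits


def scan_sample():
    """Run the alert's indicators over the constructed telemetry."""
    return scan(SAMPLE_TELEMETRY, compile_patterns(ALERT_IOCS))


def report(hits):
    """Render hits with indicators defanged, safe to paste into a ticket."""
    return [f"line {n}: {kind} {defang(ioc)}" for n, kind, ioc in hits]


if __name__ == "__main__":
    for row in report(scan_sample()):
        print(row)
```

Run against real exports, replace `SAMPLE_TELEMETRY` with the lines of a proxy, DNS or EDR export; a hit on the IP or URL in proxy logs identifies hosts that reached the cloned site, and a hash hit in file inventory identifies hosts that actually received the fake installer, which is the higher-priority finding.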