Rewterz

Rewterz Threat Alert – EvilGnome Rare Malware Spying on Linux Desktop Users

July 18, 2019
Rewterz

Rewterz Threat Advisory – CVE-2019-1917 – Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

July 18, 2019

Rewterz Threat Alert – Sea Turtle Adopts New DNS Hijacking Techniques

Severity

High

Analysis Summary

“Sea Turtle” DNS hijacking campaign and their continuing efforts to compromise victims. The operators behind the campaign have adopted a new DNS hijacking technique that involves modifying the target domain’s name server records to point legitimate users to the actor-controlled server. Once in control of the victim’s DNS, the attackers redirect their traffic to malicious websites and email servers. This would facilitate a man-in-the-middle attack against the victim or potentially allow the attacker to harvest credentials.

Impact

DNS hijacking

Indicators of Compromise

IP(s) / Hostname(s)

  • 185[.]64[.]105[.]100
  • 178[.]17[.]167[.]51
  • 95[.]179[.]131[.]225
  • 140[.]82[.]58[.]253
  • 95[.]179[.]156[.]61
  • 196[.]29[.]187[.]100
  • 188[.]226[.]192[.]35
  • 45[.]32[.]100[.]62
  • 95[.]179[.]150[.]101


URLs

  • ns1[.]intersecdns[.]com
  • ns2[.]intersecdns[.]com
  • ns1[.]rootdnservers[.]com
  • ns2[.]rootdnservers[.]com

Remediation

  • Search for these IOC’s in your respective environment.
  • Block all threat indicators at your respective controls.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.