Rewterz

Rewterz Threat Advisory – QNAP patches Multiple QTS vulnerabilities

December 8, 2020
Rewterz

Rewterz Threat Alert – Spear-Phishing Email Spoofs Microsoft Domain

December 9, 2020

Rewterz Threat Alert – Spear Phishing Campaign Targeting Finance and Banking Industry

Severity

Medium

Analysis Summary

A spear phishing campaign is found targeting finance and banking industry with malicious emails. The emails carry malicious attachments to drop malware. The targeted victims are found located in Turkey. It is not yet known which kind of malware is being distributed through this campaign.

Impact

Unknown

Indicators of Compromise

Domain Name

  • sdvsrgter[.]gb[.]net
  • u17316837[.]ct[.]sendgrid[.]net

From Email

  • noreply@mymeet[.]dev

MD5

  • 6cb91d0aa0db44cd6c93e1040b875d08
  • d891e51a320673d1548d288e167535ad
  • 3a30cbde3826f7b3bdc0dba708a179f3

SHA-256

  • c897509e8388323345c00d0bd3b7636d84a01ef06393c11878b59c09a46878d9
  • 06ecb0f3f8abf2554590466757f77407869705239e5f9f710b42d5293ef91eff
  • cff2dc33c1772f6500e0e4e1090667c43f4677b1794180d13628e2ed7d898b89

SHA1

  • 95f2ec8d59506bc811a0aec8f67510be81e24e94
  • 24c75d1e7f92baf7b63bf64b6c67773e0dffac93
  • 803bf4454719d649485e7cfbe83d26af88318ba8

Source IP

  • 103[.]153[.]182[.]50
  • 104[.]16[.]19[.]94
  • 209[.]197[.]3[.]24

URL

  • https[:]//sdvsrgter[.]gb[.]net
  • https[:]//sdvsrgter[.]gb[.]net/auth/index2[.]php

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download files attached in untrusted emails.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.