

Rewterz Threat Advisory – Google Chrome Multiple Vulnerabilities
April 25, 2019
Rewterz Threat Alert – DNSpionage Threat Actors Resurface With “Karkoff” Malware
April 25, 2019
Severity
Medium
Analysis Summary
A phishing email was reported that falsely appears to come from Standard Chartered Bank and carries a malicious DOC file as an attachment. The sender’s email address is spoofed, and the email subject is “Advice from Standard Chartered Bank”. Indicators of Compromise are given below.
Indicators of Compromise
IP(s) / Hostname(s)
- 23.106.215[.]82
- 185.94.98[.]201
- 45.67.14[.]61
URLs
hxxp[:]//45.67.14[.]61/H/262614
Filename
26261.DOC
Email Address
AdvicesIN[@]sc[.]com
Email Subject
Advice from Standard Chartered Bank
Malware Hash (MD5/SHA1/SHA256)
- 8a97f60ce666d5e4edd0b27ad796b5f2
- dac0195dd0e26ea7ab8b4b2eb70582519c4151c8
- 0df4bf73c687e29bdb8b45af44a414f37f239164ad340d19a593a28f0b5c0222
Remediation
Consider blocking access to the threat indicators at their respective controls.