March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2020-4662 – IBM Event Streams privilege escalation
August 17, 2020Rewterz Threat Alert – Emotet Malware – IOCs
August 17, 2020Rewterz Threat Advisory – CVE-2020-4662 – IBM Event Streams privilege escalation
August 17, 2020Rewterz Threat Alert – Emotet Malware – IOCs
August 17, 2020
Severity
Medium
Analysis Summary
An alert warning of an unknown threat actor spoofing the Small Business Administration’s COVID-19 loan relief webpage. Using phishing emails, the actor includes a link to the spoofed webpage which is actually used for credential theft and malicious redirects. Analysts have stated the emails are targeting state, local, tribal, and territorial government recipients. Upon clicking the link, victims are prompted to enter their SBA Economic Injury Disaster Loan Portal Account information to review application and check on loan status.
Impact
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
IP
- 162[.]214[.]104[.]246
URL
- hxxps[:]//leanproconsulting[[.]]com[.]br/gov/covid19relief/sba[.]gov
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.