Summary
The Computer Security Incident Response Team (CSIRT) has identified a phishing campaign that delivers malware through an email purporting to come from the Internal Revenue Service.
The lure claims that the message was generated automatically by an electronic invoicing process and refers to a debit from 2018 (see the subject lines below). The recipient is invited to download the "electronic invoice" from a hyperlink in the email. The files listed below are a ZIP archive and a VBS script that carry the same invoice-style name; when the downloaded file is executed, the malware infection is triggered.
Indicators of Compromise (IoCs)
URLs:
http[:]//3[.]84[.]242[.]96/trs/contacto[.]php
http[:]//54[.]198[.]30[.]41
http[:]//3[.]84[.]242[.]96/TRS/OsistemaX[.]php
SMTP hosts:
79[.]143[.]187[.]144
192[.]119[.]111[.]19
192[.]236[.]146[.]134
192[.]236[.]147[.]28
Senders:
root@vmi326290[.]contaboserver[.]net
root@hwsrv-652688[.]hostwindsdns[.]com
root@hwsrv-652153[.]hostwindsdns[.]com
root@hwsrv-652169[.]hostwindsdns[.]com
Subject:
The system detected and generated an alert about a debit
The system detected and generated an alert about a debit of 2018
Attached files:
File: FacturaElectronica-00365698-2019-10_2.zip
MD5: da77ab29f2e5304c8c71412ebc55f56c
SHA256: 88cae6413d9f51b5bcc151e8826f8b3a7ea9f3febf5b37fcf563e01ecf9ba7dd
File: FacturaElectronica-00365698-2019-10_2.vbs
MD5: 5a1f935c30e95b65d8e475b3fb963067
SHA256: 781db34730e6b87b19b581ad4e538551b2697a31a3e2a6a983d2a8164106f522
File: Privacy Policy-2
MD5: 76dfd561e5305c1d3ad2ca63f1eb80f6
SHA256: f711d08800cb104c79ca3bf9738181c27f9522862ca42a20723c2313d4d6bbed
Other associated IoCs (32-character hashes, consistent with MD5; the advisory does not state the algorithm):
f7c427e0a0f059db601fb38b028bd8b2
e089db1ab7f228ce40425ed22ad0b32a
bf07173b7f0244c07db9aad7a73d8f4d
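The indicators above are published defanged ("[.]", "[:]", spaces around "@"), so they cannot be pasted straight into a blocklist or a log search. The following script is an added example, not part of the advisory: it refangs the advisory's own indicators, derives the bare host of each URL (proxy, DNS and firewall logs often record only the host), and runs a bounded, case-insensitive match over a few constructed mail-gateway, proxy and EDR log lines. The log lines are made up for the example; treating the three bare hashes as MD5 is an assumption based on their length.

```python
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the advisory, still defanged.
# The three bare hashes under "Other associated IoCs" are 32 hex characters,
# so they are treated as MD5 here (assumption; the advisory does not say).
ADVISORY_IOCS = {
    "url": [
        "http[:]//3[.]84[.]242[.]96/trs/contacto[.]php",
        "http[:]//54[.]198[.]30[.]41",
        "http[:]//3[.]84[.]242[.]96/TRS/OsistemaX[.]php",
    ],
    "smtp_host": [
        "[79 [.] 143 [.] 187 [.] 144]",
        "[192 [.] 119 [.] 111 [.] 19]",
        "[192 [.] 236 [.] 146 [.] 134]",
        "[192 [.] 236 [.] 147 [.] 28]",
    ],
    "sender": [
        "root @ vmi326290 [.] contaboserver [.] net",
        "root @ hwsrv-652688 [.] hostwindsdns [.] com",
        "root @ hwsrv-652153 [.] hostwindsdns [.] com",
        "root @ hwsrv-652169 [.] hostwindsdns [.] com",
    ],
    "md5": [
        "da77ab29f2e5304c8c71412ebc55f56c",
        "5a1f935c30e95b65d8e475b3fb963067",
        "76dfd561e5305c1d3ad2ca63f1eb80f6",
        "F7C427E0A0F059DB601FB38B028BD8B2",
        "E089DB1AB7F228CE40425ED22AD0B32A",
        "BF07173B7F0244C07DB9AAD7A73D8F4D",
    ],
    "sha256": [
        "88CAE6413D9F51B5BCC151E8826F8B3A7EA9F3FEBF5B37FCF563E01ECF9BA7DD",
        "781db34730e6b87b19b581ad4e538551b2697a31a3e2a6a983d2a8164106f522",
        "f711d08800cb104c79ca3bf9738181c27f9522862ca42a20723c2313d4d6bbed",
    ],
}


def refang(value: str) -> str:
    """Turn a defanged indicator into its live form. Handles the spellings used
    on this page: "[.]", "[:]", "hxxp", spaces around "@" and "[.]", and the
    square brackets wrapped around the SMTP host addresses."""
    v = value.replace("[.]", ".").replace("[:]", ":").replace("(.)", ".")
    v = re.sub(r"\s+", "", v)                     # "root @ host [.] net" -> "root@host.net"
    v = re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)
    return v.strip("[]")                          # "[79.143.187.144]" -> "79.143.187.144"


def build_matchers(iocs=ADVISORY_IOCS):
    """Refanged, lower-cased indicator sets per kind, plus the bare host of each
    URL. Lower-casing means URL paths match case-insensitively, which is the
    right trade-off for detection even though web paths can be case-sensitive."""
    matchers = {kind: {refang(v).lower() for v in values} for kind, values in iocs.items()}
    matchers["url_host"] = {h for h in (urlparse(u).hostname for u in matchers.get("url", ())) if h}
    return matchers


def scan_log_lines(lines, iocs=ADVISORY_IOCS):
    """Return (line_number, kind, indicator) for every indicator found.
    The lookaround boundaries stop 192.236.146.13 from matching 192.236.146.134
    and a hash prefix from matching a longer hash; a URL indicator without a path
    still matches the same URL followed by a path."""
    matchers = build_matchers(iocs)
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for kind, values in matchers.items():
            for v in sorted(values):
                if re.search(r"(?<![\w.])" + re.escape(v) + r"(?![\w.])", low):
                    hits.append((n, kind, v))
    return hits


# Constructed sample log lines (Postfix-, Squid- and EDR-style); not real data.
SAMPLE_LOGS = [
    "Oct 14 09:12:01 mx1 postfix/smtpd[2311]: connect from unknown[192.236.146.134]",
    "Oct 14 09:12:02 mx1 postfix/qmgr[2290]: 7F3A1: from=<root@hwsrv-652153.hostwindsdns.com>, size=48211",
    "Oct 14 09:12:05 mx1 postfix/smtpd[2312]: connect from mail.example-partner.com[203.0.113.9]",
    "1571040845.117 312 10.20.1.55 TCP_MISS/200 1842 GET http://3.84.242.96/TRS/OsistemaX.php - HIER_DIRECT/3.84.242.96 text/html",
    "1571040850.302 88 10.20.1.56 TCP_MISS/200 9120 GET https://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "2019-10-14T09:15:30Z edr host=WS-0042 event=quarantine file=FacturaElectronica-00365698-2019-10_2.vbs sha256=781DB34730E6B87B19B581AD4E538551B2697A31A3E2A6A983D2A8164106F522",
]

if __name__ == "__main__":
    for n, kind, value in scan_log_lines(SAMPLE_LOGS):
        print(f"line {n}: {kind} = {value}")
```

The refanged sets returned by `build_matchers()` are also what you would feed to a proxy or firewall blocklist; `url_host` is the set to block at the DNS or firewall layer when the appliance cannot match full URLs.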
Recommendations
Keep your platforms updated (Office, Windows, Adobe Acrobat, Oracle Java and others).
Evaluate preventive blocking of the indicators of compromise listed above.
Keep all technology and threat-detection platforms updated.
Review the security controls of the anti-spam and sandboxing layers, in particular how archive attachments containing scripts are handled.
Run ongoing user awareness activities about this type of threat.
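The campaign delivers a VBS script inside a ZIP archive with an invoice-style name, which is exactly the case the anti-spam and sandboxing review should cover. The script below is an added example (not the CSIRT's tooling) of an attachment policy check that a mail gateway hook could apply: it hashes the archive and its members against the SHA-256 values listed in this advisory, flags script and executable members, double extensions such as "Factura.pdf.vbs", nested or encrypted archives, zip-bomb compression ratios, and PE content regardless of file name. The extension lists and thresholds are my own choices, and the sample archive is constructed with harmless filler content, so its hashes will not match the advisory's.

```python
import hashlib
import io
import posixpath
import zipfile

# SHA-256 values listed in the advisory (lower-cased for comparison).
KNOWN_BAD_SHA256 = {
    "88cae6413d9f51b5bcc151e8826f8b3a7ea9f3febf5b37fcf563e01ecf9ba7dd",  # the .zip
    "781db34730e6b87b19b581ad4e538551b2697a31a3e2a6a983d2a8164106f522",  # the .vbs
    "f711d08800cb104c79ca3bf9738181c27f9522862ca42a20723c2313d4d6bbed",  # "Privacy Policy-2"
}

# Policy choices for this example; not lists taken from the advisory.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                     ".ps1", ".bat", ".cmd", ".exe", ".scr", ".lnk", ".jar"}
NESTED_ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z", ".iso", ".img"}
MAX_MEMBERS = 200            # refuse to enumerate huge archives
MAX_MEMBER_BYTES = 10 << 20  # only read members up to 10 MiB
MAX_RATIO = 100              # uncompressed/compressed ratio that suggests a zip bomb


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def inspect_attachment(data: bytes):
    """Return a list of (member, reason) findings for a zip attachment.
    An empty list means the policy found nothing to object to."""
    findings = []
    if sha256_hex(data) in KNOWN_BAD_SHA256:
        findings.append(("<archive>", "sha256 listed in the advisory"))
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + [("<archive>", "not a valid zip file")]
    with zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        if len(infos) > MAX_MEMBERS:
            return findings + [("<archive>", f"more than {MAX_MEMBERS} members")]
        for info in infos:
            name = info.filename
            stem, ext = posixpath.splitext(posixpath.basename(name).lower())
            if ext in SCRIPT_EXTENSIONS:
                findings.append((name, f"script or executable member ({ext})"))
                inner = posixpath.splitext(stem)[1]   # "factura.pdf" -> ".pdf"
                if inner:
                    findings.append((name, f"double extension ({inner}{ext})"))
            if ext in NESTED_ARCHIVE_EXTENSIONS:
                findings.append((name, "nested archive"))
            if info.flag_bits & 0x1:                  # bit 0 = member is encrypted
                findings.append((name, "encrypted member, cannot be scanned"))
                continue
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                findings.append((name, "suspicious compression ratio"))
                continue
            if info.file_size <= MAX_MEMBER_BYTES:
                content = zf.read(info)
                if content[:2] == b"MZ":              # PE header, whatever the name says
                    findings.append((name, "PE executable content regardless of name"))
                if sha256_hex(content) in KNOWN_BAD_SHA256:
                    findings.append((name, "member sha256 listed in the advisory"))
    return findings


def build_sample_attachment(member_name="FacturaElectronica-00365698-2019-10_2.vbs",
                            content=b"' placeholder, not the real script\r\n"):
    """Constructed look-alike of the attachment named in the advisory; the
    member body is harmless filler, so its hash will not match the advisory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_attachment(build_sample_attachment()):
        print(f"{member}: {reason}")
```

In a gateway, any non-empty findings list is a reason to quarantine rather than deliver; the encrypted-member and compression-ratio branches stop early on purpose, because a sandbox cannot inspect what it cannot safely open.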