March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Advisory – CVE-2019-6974 – Linux Kernel KVM “kvm_ioctl_create_device()” Use-AfterFree Vulnerability

February 27, 2019

Rewterz Threat Advisory – CVE-2019-1674 – New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings

February 28, 2019

Rewterz Threat Alert -WARZONE RAT ( aka Ave Maria RAT) Malware

February 27, 2019

Severity

Medium

Analysis Summary

Malspam WARZONE RAT (aka Ave_Maria Stealer aka Ave Maria RAT) malware has been spread through different phishing campaigns. Threat indicators are provided.

Indicators of Compromise

IP(s) / Hostname(s)

5.206.225[.]104
146.255.88[.]214

URLs

warzonedns[.]com
hxxp://5.206.225[.]104/dll/vcruntime140.dll
hxxp://5.206.225[.]104/dll/softokn3.dll
hxxp://5.206.225[.]104/dll/msvcp140.dll
hxxp://5.206.225[.]104/dll/mozglue.dll
hxxp://5.206.225[.]104/dll/freebl3.dll hxxp://5.206.225[.]104/dll/nss3.dll
hxxp://5.206.225[.]104/dll/upnp.exe

Email Address

manarnasr[@]madeinaudio[.]com
tou013[@]efx.net[.]nz

Email Subject

Important Process form Regarding fraud Adjustment Refund
TD Bank Secure Mail
Transaction receipt for eInvoice 4596
ACH Credit Transaction

Malware Hash (MD5/SHA1/SH256)

4e56a44a29a1f6038f2f0c1909aa02846e61a3b9
8662cce96988085e2e35f80c0d9a3e7bb9022b22
708c6af4b82bd6913709fe6ed17c766e2585b3b4
1f8080cd046576290f28e1e22c2daf7843d72642
b3892eef846c044a2b0785d54a432b3e93a968c8
ffcdc87572815d4801094dd7fa7df5f5868d0b3e
153b601dd6780f1a532f68444f92aeed2c7971b58547aaf2b9d5165c0c14623d
27a855a5b954c4a2415b5f49cd798872a5bc6a08878ba5eea010b0a27718a987
49027f9a9bf07e48b40512aab3c06d5dcdf7a50bfd7019bf32182a1f2ffacf16
cfe14dc4f408f1d1cbabf5b05cde303a8c8ff6a600d98b3ef4b12ab1d2f73ba0
798af20db39280f90a1d35f2ac2c1d62124d1f5218a2a0fa29d87a13340bd3e4
0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9
a2681b18b9e0d0a449cc9fd018d503cc
2cb663a749b8f07054e8ffc29564f78e
469209838a2ae561997998debabac084
b74a28a008ea01c409392dbeb15a078a
461ade40b800ae80a40985594e1ac236
ee03ca33712e4ee518cb7b046d0f64ec

Remediation

Block the threat indicators at their respective controls.
Always be suspicious of unsolicited email.
Never click/ download any attachments sent from unrecognized senders.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2019-6974 – Linux Kernel KVM “kvm_ioctl_create_device()” Use-AfterFree Vulnerability

Rewterz Threat Advisory – CVE-2019-1674 – New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings