March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Advisory – ICS – Siemens SINEMA Vulnerability

August 22, 2021

Rewterz Threat Alert – Cerberus Banking Trojan – Active IOCs

August 22, 2021

Rewterz Threat Alert –GandCrab Ransomware – Active IOCs

August 22, 2021

Severity

High

Analysis Summary

Fresh IoCs have been retrieved from a campaign distributing the GandCrab ransomware. GandCrab campaigns typically involve emails designed to deceive a potential victim into downloading attached malicious files. The infection process begins once a victim opens the attachment. It is important to note that the malware, in order to be successfully installed, requires the victim to enable macros. As is customary with other ransomware, it aims to lock a victim’s files, and demand that a ransom amount be paid. GandCrab usually targets consumers and businesses with PCs running Microsoft Windows. GandCrab has been involved in some of the biggest ransomware attacks, causing massive monetary loss to victims. GandCrab operators usually attempt to impersonate legitimate services in order to successfully victimize the target. For instance, in January 2020, GandCrab was distributed packed in a word document “Flu pandemic warning.doc” supposedly coming from the Center for Disease Control.

Impact

Files Encryption
Data Exfiltration

Indicators of Compromise

MD5

44c289e415e4c12b883003082194d76c
4afcd3e6be15a9480fa46b9b9b8eb465
95557a29de4b70a25ce62a03472be684
e6714bce3d8d9d0749572bd20ada0d96
2a5926e061c5cf3c6f8bb8908464468a

SHA-256

ce8a3474f1be9d750b5a5d5447e8f66b651d215799c1b5acb261296426542659
143666ebfb967e253ce8d6732aff226c24e44a906ca83e0978b396328322a448
49b769536224f160b6087dc866edf6445531c6136ab76b9d5079ce622b043200
b8b50ac7b9bfc4be19c9dd9b4fdc469773d8e1eee72194f2779c522f953e6adb
c0db3c329592294a81f23c37e701a189110913c17d1371bc625a3eae97f37a94

SHA1

915e5b6ad63ca0115ad8ac41da271e167cb50486
50d74eaa9edaec2cc78a717cf1ba3900fbcee6fd
5baabf2869278e60d4c4f236b832bffddd6cf969
4f2dedc17145ce8ebdee9eff605aa5ad1e87717e
d256701b40efd72f2ed9c0ebacdea162926590cd

Remediation

Block the threat indicators at their respective controls.
Do not download files attached in untrusted emails.
Do not download files from random sources on the internet

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS – Siemens SINEMA Vulnerability

Rewterz Threat Alert – Cerberus Banking Trojan – Active IOCs