March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Mars Malware – Active IOCs

April 12, 2022

Rewterz Threat Advisory – CVE-2022-28339 – Trend Micro Vulnerability

April 13, 2022

Rewterz Threat Alert – APT DPRK-Nexus Group – Active IOCs

April 12, 2022

Severity

High

Analysis Summary

DPRK-nexus is a threat actor group that compromises its victims by sending spear-phishing emails containing Korean-based malicious documents with different lures. The lures utilized in their recent efforts are quite diverse. These lures varied from the impersonation of the Korea Internet Information Center (KRNIC) to the impersonation of numerous South Korean Internet Security companies or Cryptocurrency companies. This effort appears to have a broad goal of stealing data from South Korean individuals. The victims of the majority of the infections were users who had an email address registered on naver dot com, a South Korean web platform that offers free email boxes, news, and search engine capabilities.

Impact

Information Theft
Exposure of Sensitive Data

Indicators of Compromise

Filename

유사수신고소장-1[.]docx 202203_BTC_ETH추가계정정보[.]docx

MD5

277de31debc234414aa16252b1ae5106
ce00749c908de017010055a83ac0654f
5144a35d9f120339b8374177714e199e
bb9ee3a6504fbf6a5486af04dbbb5da5
2677f9871cb340750e582cb677d40e81
d47f7fcbe46369c70147a214c8189f8a
9775ef6514916977d73e39a6b09029bc
a2aca7b66f678b85fc7b4015af21c5ee
1a536709554860fcc2c147374556205d

SHA-256

ab01143169a142b246441b778b7865532ec88fd37e19f690efd00ee5302f0683
f265a04e08a79ea6a4eeacd8294b3af2e1a08ae131018dd1ca195ae900437767
6ed3447bb9fcb5abfe78a628ebcd1a0987c75b18eac5673a3a90a4bbe745b527
96754f46e1ce19a337c3a4368e63ad1135405b383f3d3bd77beefe20926cf89d
a7c17e5fa55bcc60d4cff64dd37d0a1f0cc93f4f44b3cebd5633ca5af413e5cc
dfb4270fb6dc92fdfd9903b4b12bf67897e86a626925f76e4336af60c14683be
a7976205ce8a0e1859df40eb6479fe90cd479644862cdcc8ad99082be0f1d5a1
d2b32b233489eb120c50d7f862e2d20b89c8bb89e595086f85728e69668533e0
ae7275988753fffb29bdb254babdf46773daf935b2721006fe66a1747af3d1d4

SHA-1

6eaca4e57c78af7fccd5799593cc0b770a984040
d12a92c4b41349ca76d0a44c2fd50cb1fd0b1f35
ca0051815ceae216e467e25d7a6189e3b9a114cf
b0f2fb3744c84634b30620910943e7d3dfe8d99c
c5ae757463b2015ef2d472fa26aec0f6aac1fa3f
22fdd547cca436f15d48b15cf988f5785ba49fd8
e6c1379789291c24b7bb52ad402f1358af283c96
33e3019cb515586b031e513c1305287193973dd9
bb3a0dc01309162971ad6a11c5cb159fe93fedee

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Mars Malware – Active IOCs

Rewterz Threat Advisory – CVE-2022-28339 – Trend Micro Vulnerability