July 11, 2022
Severity
Medium
Analysis Summary
FormBook is an information-stealing malware that has been active since 2016 and, by the vendor's own figures, affected 4% of organizations worldwide in 2020. It logs keystrokes, enumerates and reads files, captures screenshots, harvests saved credentials from a range of web browsers, and, on instruction from its command-and-control (C2) server, drops files and downloads and executes additional, stealthier payloads. The operators behind the associated email campaigns use a variety of lures and containers to deliver it, including PDF and Office documents and ZIP and RAR archives.
Impact
- Credential Theft
- Sensitive Data Theft
- Keystroke Logging
Indicators of Compromise
MD5
- e4fda7c2756d51e47d615f9f3aaa9cf4
- 450d6269eb6932fbe8fa770bd343f417
- baafb92c268ddbb38311dac028b5bdc3
- 6d667b0b0e82b0b49e774a6972e52ca6
SHA-256
- 8bafe32e293e946fb3ba3f2ae6923daf04dd6a244cbe769a63e4d431ef53aeff
- 372bf21a05576bc8c406135b8e768cacab2b795002ea2dd031c19f1712f09ab6
- cd7ae77c347203839dafecec1e80dd8468e7780a76fe961062f277370c45b9e4
- f16639e73703fd9b3ee2ae0723c9e423184d1b9efabddc69a2a7ef56726ae8e9
SHA-1
- 63207a624ccae99fbdcbf6afd92e5bd06c58d6a4
- c613aadf4684a7fc8bee34f339b63dfc9ae77990
- de2d78cac4db5ea037e9ee62c7de69721d20026e
- 579708ee6bdbe2f08aa80b6d558c4325b87e0c1e
Remediation
- Block the hashes listed above at your endpoint protection, email gateway and web proxy controls.
- Search for the hashes across endpoints, mail stores and file shares; isolate any host on which a listed sample is found and investigate it for the credential theft and follow-on payloads described above.
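The hunting step above can be done with a small hash-matching scan. The following is an added example, not Rewterz tooling: it embeds the MD5, SHA-1 and SHA-256 values listed in this alert, walks a directory tree, computes all three digests per file in a single pass, and reports only files whose digest appears in the IOC set. The directory to scan and the `scan_tree` / `match_iocs` function names are assumptions for the example.

```python
import hashlib
import os
import sys

# Indicators of compromise from this alert, lower-cased hex, grouped by algorithm.
IOC_HASHES = {
    "md5": {
        "e4fda7c2756d51e47d615f9f3aaa9cf4",
        "450d6269eb6932fbe8fa770bd343f417",
        "baafb92c268ddbb38311dac028b5bdc3",
        "6d667b0b0e82b0b49e774a6972e52ca6",
    },
    "sha1": {
        "63207a624ccae99fbdcbf6afd92e5bd06c58d6a4",
        "c613aadf4684a7fc8bee34f339b63dfc9ae77990",
        "de2d78cac4db5ea037e9ee62c7de69721d20026e",
        "579708ee6bdbe2f08aa80b6d558c4325b87e0c1e",
    },
    "sha256": {
        "8bafe32e293e946fb3ba3f2ae6923daf04dd6a244cbe769a63e4d431ef53aeff",
        "372bf21a05576bc8c406135b8e768cacab2b795002ea2dd031c19f1712f09ab6",
        "cd7ae77c347203839dafecec1e80dd8468e7780a76fe961062f277370c45b9e4",
        "f16639e73703fd9b3ee2ae0723c9e423184d1b9efabddc69a2a7ef56726ae8e9",
    },
}


def hash_file(path, chunk_size=1 << 20):
    """Compute md5, sha1 and sha256 of a file in one pass; returns {algo: hexdigest}."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests, iocs=IOC_HASHES):
    """Return [(algo, hexdigest), ...] for every digest that appears in the IOC set."""
    return [
        (algo, digest.lower())
        for algo, digest in digests.items()
        if digest.lower() in iocs.get(algo, set())
    ]


def scan_tree(root, iocs=IOC_HASHES):
    """Walk `root` and return {path: [(algo, hexdigest), ...]} for files that hit an IOC.

    Symlinks are skipped so the scan cannot be steered outside `root`, and
    unreadable files are skipped rather than aborting the whole scan.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            matched = match_iocs(digests, iocs)
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    # Usage: python scan.py /path/to/scan   (directory is an assumption for the example)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matched in scan_tree(target).items():
        for algo, digest in matched:
            print(f"HIT {path} {algo}={digest}")
```

A hash match is exact-sample detection only: FormBook builds are repacked and re-crypted frequently, so a clean result against these four samples does not rule out a newer variant, and a hit is worth more as a pivot (the delivering email, the dropped payloads, the outbound C2 traffic) than as the end of the investigation.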