Rewterz Threat Alert
August 3, 2020
Severity
Medium
Analysis Summary
GuLoader, first reported in March 2020, was in wide use in malspam campaigns by June. In late June its activity dropped off sharply, and in mid-July it reappeared in malspam. Researchers linked GuLoader to an Italian company that sells a product called CloudEye, which, according to its website, protects Windows applications from cracking, tampering, debugging, disassembly and dumping. The exposure of CloudEye apparently led the company to pause operations while it investigated the abuse of its product. Around the time researchers began to see GuLoader return, the company behind CloudEye announced that it had resumed operation with tighter controls to prevent abuse. The recent campaign used DHL-themed emails with an attached ISO file containing GuLoader; the payload in this case was the FormBook information stealer.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
MD5
- 2733b4b48c0250d25095aed69ace4750
SHA-256
- 7b4d3b6eb50a072d36f6233aeb56352735c59dd54ba54d6e6fbca6b23a1739d5
- 8a13de21c0cb1d10e4ee93394794e0714f4a58994be543ac94592b6f8abc53dc
SHA-1
- 5ab0b624e6e4c20847d3e8720b9e8e2b526d319a
Remediation
- Block the listed indicators at the relevant security controls (email gateway, endpoint protection, proxy).
- Search for the IOCs in your environment. Note that file hashes only match the exact samples listed here; a repacked GuLoader build will not be caught by them.
- Treat unsolicited DHL-themed emails carrying ISO attachments as suspicious; disk-image attachments are rarely legitimate in business email.
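The following is an added example of how the "search for IOCs" step can be carried out on a file system; it is not part of the original alert and is not a Rewterz tool. It hashes every regular file under a directory with MD5, SHA-1 and SHA-256 in one pass and reports any digest that appears in the indicator set above. The `GULOADER_IOCS` constant holds the hashes from this alert; the `scan_tree` and `file_hashes` names, the optional extension filter and the chunk size are the example's own choices.

```python
import hashlib
import os
from pathlib import Path

# Indicators listed in this alert (MD5, SHA-1, SHA-256), as lowercase hex.
GULOADER_IOCS = {
    "2733b4b48c0250d25095aed69ace4750",
    "5ab0b624e6e4c20847d3e8720b9e8e2b526d319a",
    "7b4d3b6eb50a072d36f6233aeb56352735c59dd54ba54d6e6fbca6b23a1739d5",
    "8a13de21c0cb1d10e4ee93394794e0714f4a58994be543ac94592b6f8abc53dc",
}


def file_hashes(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests of a file.

    The file is read in chunks so that large attachments such as ISO
    images are not loaded into memory at once.  hashlib.md5() may raise
    on hosts running in FIPS mode; MD5 is kept only because the alert
    publishes an MD5 indicator.
    """
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan_tree(root, iocs=GULOADER_IOCS, extensions=None):
    """Walk `root` and return a list of (path, algorithm, digest) for every
    file whose digest is in `iocs`.

    `extensions` is an optional set such as {".iso", ".exe"} (lowercase,
    with the dot) to restrict hashing to likely attachment types.
    Symlinks and unreadable files are skipped rather than aborting the scan.
    """
    iocs = {h.lower() for h in iocs}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if extensions and p.suffix.lower() not in extensions:
                continue
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digests = file_hashes(p)
            except OSError:
                continue
            for algo, digest in zip(("md5", "sha1", "sha256"), digests):
                if digest in iocs:
                    hits.append((str(p), algo, digest))
    return hits


if __name__ == "__main__":
    import sys

    # Usage: python ioc_scan.py /path/to/scan
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("MATCH", *hit)
```

Run it against download directories, mail-client attachment caches and any mounted ISO contents. Because the match is on the full-file digest, a single byte of difference (a repacked dropper, a different ISO build) produces no hit, so treat an empty result as "these exact samples are absent", not as proof the campaign did not reach the host.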