March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – Gh0st RAT Malware – Active IOCs
November 26, 2021
Rewterz Threat Alert – Dark Crystal RAT – Active IOCs
November 26, 2021
Rewterz Threat Alert – Gh0st RAT Malware – Active IOCs
November 26, 2021
Rewterz Threat Alert – Dark Crystal RAT – Active IOCs
November 26, 2021
Severity
Medium
Analysis Summary
Happy Black Friday! Dridex banking Trojan is up and alive and targeting users with spam campaign targeting users with different email subjects. This particular campaign is recently seen in North American region and can shift it’s tilt towards different regions as well as the holiday season approaches. Dridex is a sophisticated strain of banking malware that targets the Windows platform, delivering spam campaigns to infect computers and steal banking credentials and other personal information to facilitate fraudulent money transfers. Through its history and development, Dridex has used several exploits and methods for execution, including modification of directory files, using system recovery to escalate privileges, and modification of firewall rules to facilitate peer-to-peer communication for extraction of data. The malware’s main use is to steal banking credentials and it has been attributed to the TA505 threat group (aka Evil Corp) known to have been active since at least Q3 2014.
Impact
- Credential Theft
- Information Theft
- Financial Loss
Indicators of Compromise
Filename
- Black Friday Netflix coupon is 52803571
- Black Friday Amazon coupon #54767497
- Black Friday Netflix coupon is 5157687
- Black Friday? White Supr! Your freedom vote has a number 89388 Black Friday hunting license #5983005 Black Friday Amazon coupon #24722550 Black Friday Amazon coupon #352866 Black Friday hunting license #9590869 Black Friday hunting license #373708764 Black Friday Netflix coupon is 744247333 Black Friday? White Supr! Your freedom vote has a number 96394
- Black Friday Amazon coupon #72435083
- Black Friday Amazon coupon #3322985
- Black Friday Netflix coupon is 6012313
- Black Friday hunting license #83760140
- Black Friday hunting license #89087815
- Black Friday? White Supr*! Your freedom vote has a number 33930 Black Friday? White Supr! Your freedom vote has a number 155921
- Black Friday Netflix coupon is 689585
- Black Friday Netflix coupon is 28841354
- Black Friday hunting license #0664497
- Black Friday Netflix coupon is 53883
- Black Friday? White Supr! Your freedom vote has a number 931167915 Black Friday? White Supr! Your freedom vote has a number 3477943
- Black Friday hunting license #300802497
- Black Friday Amazon coupon #7791492
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.