March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Advisory – Nanocore Rat – Active IOCs

November 10, 2021

Rewterz Threat Alert – Remcos RAT – Active IOCs

November 10, 2021

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

November 10, 2021

Severity

Medium

Analysis Summary

A new AgentTesla campaign is seen targeting victims with malspam. AgentTesla is known for stealing data from different applications on victim machines, such as browsers, FTP clients, and file downloaders. Agent Tesla collects personal information from the victim’s machine, steals data from the victim’s clipboard, can log keystrokes, capture screenshots, and access the victim’s webcam. It can kill running analysis processes and AVsoftware. The spyware also performs basic actions to check whether it is running on a virtual machine or in debug mode, in an attempt to hide its capabilities and actions from researchers. All the data it obtains is sent in encrypted form via SMTP protocol.

Impact

Credential Theft
Data Exfiltration
Information Theft

Indicators of Compromise

MD5

4a1da34a18884e895c50840d18da5410
261ee0b190eb806e6b021fbeb8a346fa
b043d45a626ecddf9d79522833d3afb5
ffc9945db60016c79bb411e4c96242e5
e8cd923f317a64dfb8bb80836ec51057
706cca564f802a40a911070ee171fe4e
d37d61e3af928e1d4465ea7e2863f31b
389eac48433850860160584c628bcd19

SHA-256

6993747a36de320da76abd12add5b18ef169afa7f69ef69f6d10f47f8494cdd1
ad3988279308557a80967115232764e878004c80fda39f27d48cd78ad319f552
b6cfa39ccf7fe43bfbb4912ede50cdf7de513440ffa61bbca49bfe1d3d7f2333
81420f42ee455db2a99c1f85b03fb213083e03c2f329f1919b9dc3044de89555
23c589943fbd3d7837f1ddf96cb86c17f62973987f6bac016ebe4dd3c01a1915
d6db1886657d4ec8e9779d26d1550df019f40c3960d2aa6b1cd01381a6d88af8
51995ba05ab2faef9206a16e5732d51b1a470c8f1b3ad8ef72654b967209e088
ffbad515588df376e86216b15b2a092570d1dc91116e787de8648060ef06895c

SHA-1

236d160af9af18e6a8531de5f98ec47e1450f659
967b735e4951775896ccc169ab2963da1b6dbcae
2605001f7759d92c0d4c3dda4be5f30bcf1242fd
36a3f96a0684b3a57c249337f80c4c9a59337324
6018f351a861908e30ace9cc5faad5b57a1ee949
36ce8aabf4cd4fb156484d086682b513939764d3
e77616d2c05ba0bc7d017ea0672eeeb21a96304b
444968e357355379e5c852aa0c4fa9f0d3d28318

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Nanocore Rat – Active IOCs

Rewterz Threat Alert – Remcos RAT – Active IOCs