November 18, 2021
Severity
Medium
Analysis Summary
A new AgentTesla campaign has been observed targeting victims with malspam. AgentTesla is known for stealing data from applications on victim machines, such as browsers, FTP clients, and file downloaders. It collects personal information from the victim's machine, steals clipboard contents, logs keystrokes, captures screenshots, and accesses the victim's webcam. It can terminate running analysis processes and antivirus software. The spyware also performs basic checks for whether it is running on a virtual machine or under a debugger, in an attempt to hide its capabilities and actions from researchers. All the data it obtains is sent in encrypted form over SMTP.
Impact
- Credential Theft
- Data Exfiltration
- Information Theft
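Because the summary states that AgentTesla exfiltrates stolen data over SMTP, one defensive check is to flag outbound SMTP connections made by processes that are not expected mail clients. The script below is an added example, not code from the Rewterz advisory; the CSV layout, the process allow-list and the sample log lines are constructed assumptions, not real telemetry.

```python
import csv
import io

# Ports commonly used for SMTP submission (assumption for this check).
SMTP_PORTS = {25, 465, 587}
# Hypothetical allow-list of process images expected to speak SMTP on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample network-connection events in a Sysmon-style CSV layout;
# hosts, paths and addresses are made up for illustration.
SAMPLE_LOG = """timestamp,host,image,dest_ip,dest_port
2021-11-18T09:01:12Z,ws-01,C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE,203.0.113.10,587
2021-11-18T09:02:44Z,ws-01,C:\\Users\\alice\\AppData\\Roaming\\invoice.exe,198.51.100.7,587
2021-11-18T09:03:01Z,ws-02,C:\\Windows\\System32\\svchost.exe,203.0.113.20,443
2021-11-18T09:05:30Z,ws-02,C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe,198.51.100.7,25
"""


def parse_events(text):
    """Parse CSV connection events into a list of dicts (one per row)."""
    return list(csv.DictReader(io.StringIO(text)))


def suspicious_smtp(events):
    """Return events where a process outside the allow-list connects to an SMTP port."""
    hits = []
    for ev in events:
        port = int(ev["dest_port"])
        image = ev["image"].rsplit("\\", 1)[-1].lower()  # basename of the image path
        if port in SMTP_PORTS and image not in MAIL_CLIENTS:
            hits.append({"host": ev["host"], "image": image,
                         "dest_ip": ev["dest_ip"], "dest_port": port})
    return hits


def scan_sample():
    """Run the check over the constructed sample log."""
    return suspicious_smtp(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"{hit['host']}: {hit['image']} -> {hit['dest_ip']}:{hit['dest_port']}")
```

On real telemetry, tune the allow-list to the mail software actually deployed and correlate hits with the process's path (user-writable directories are a stronger signal than an application directory).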
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.